[FREEBSD:B64A7389-7C27-11E6-8AAA-5404A68AD561] Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

Severity Critical

Affected Packages 1

CVEs 1

LegalHackers' reports:

  RCE Bugs discovered in MySQL and its variants like MariaDB.
     It works by manipulating my.cnf files and using --malloc-lib.
     The bug seems fixed in MySQL 5.7.15 by Oracle

Package	Affected Version
pkg:freebsd/mysql57-client	< 5.7.15

ID

FREEBSD:B64A7389-7C27-11E6-8AAA-5404A68AD561

Severity

critical

Severity from

CVE-2016-6662

URL

http://vuxml.freebsd.org/freebsd/b64a7389-7c27-11e6-8aaa-5404a68ad561.html

Published

2016-09-12T00:00:00
(8 years ago)

Modified

2016-09-14T00:00:00
(8 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
FreeBSD VuXML			https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/mysql57-client		mysql57-client	< 5.7.15

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date