Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871856
Category:Red Hat Local Security Checks
Title:RedHat Update for mariadb RHSA-2017:2192-01
Summary:The remote host is missing an update for the 'mariadb'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'mariadb'
package(s) announced via the referenced advisory.

Vulnerability Insight:
MariaDB is a multi-user, multi-threaded SQL
database server that is binary compatible with MySQL. The following packages
have been upgraded to a later upstream version: mariadb (5.5.56). (BZ#1458933)
Security Fix(es): * It was discovered that the mysql and mysqldump tools did not
correctly handle database and table names containing newline characters. A
database user with privileges to create databases or tables could cause the
mysql command to execute arbitrary shell or SQL commands while restoring
database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)

* A flaw was found in the way the mysqld_safe script handled creation of error
log file. The mysql operating system user could use this flaw to escalate their
privileges to root. (CVE-2016-5617, CVE-2016-6664) * Multiple flaws were found
in the way the MySQL init script handled initialization of the database data
directory and permission setting on the error log file. The mysql operating
system user could use these flaws to escalate their privileges to root.
(CVE-2017-3265) * It was discovered that the mysqld_safe script honored the
ledir option value set in a MySQL configuration file. A user able to modify one
of the MySQL configuration files could use this flaw to escalate their
privileges to root. (CVE-2017-3291) * Multiple flaws were found in the way the
mysqld_safe script handled creation of error log file. The mysql operating
system user could use these flaws to escalate their privileges to root.
(CVE-2017-3312) * A flaw was found in the way MySQL client library
(libmysqlclient) handled prepared statements when server connection was lost. A
malicious server or a man-in-the-middle attacker could possibly use this flaw to
crash an application using libmysqlclient. (CVE-2017-3302) * This update fixes
several vulnerabilities in the MariaDB database server. Information about these
flaws can be found on the Oracle Critical Patch Update Advisory page, listed in
the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244,
CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317,
CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464) Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise
Linux 7.4 Release Notes linked from the References section.

Affected Software/OS:
mariadb on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-5483
Common Vulnerability Exposure (CVE) ID: CVE-2016-5617
Common Vulnerability Exposure (CVE) ID: CVE-2016-6664
BugTraq ID: 93612
http://www.securityfocus.com/bid/93612
Bugtraq: 20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) (Google Search)
http://www.securityfocus.com/archive/1/539695/100/0/threaded
Debian Security Information: DSA-3770 (Google Search)
http://www.debian.org/security/2017/dsa-3770
https://www.exploit-db.com/exploits/40679/
http://seclists.org/fulldisclosure/2016/Nov/4
https://security.gentoo.org/glsa/201702-18
http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html
RedHat Security Advisories: RHSA-2016:2130
http://rhn.redhat.com/errata/RHSA-2016-2130.html
RedHat Security Advisories: RHSA-2016:2749
http://rhn.redhat.com/errata/RHSA-2016-2749.html
RedHat Security Advisories: RHSA-2017:2192
https://access.redhat.com/errata/RHSA-2017:2192
RedHat Security Advisories: RHSA-2018:0279
https://access.redhat.com/errata/RHSA-2018:0279
RedHat Security Advisories: RHSA-2018:0574
https://access.redhat.com/errata/RHSA-2018:0574
Common Vulnerability Exposure (CVE) ID: CVE-2017-3238
BugTraq ID: 95571
http://www.securityfocus.com/bid/95571
Debian Security Information: DSA-3767 (Google Search)
http://www.debian.org/security/2017/dsa-3767
https://security.gentoo.org/glsa/201702-17
RedHat Security Advisories: RHSA-2017:2787
https://access.redhat.com/errata/RHSA-2017:2787
RedHat Security Advisories: RHSA-2017:2886
https://access.redhat.com/errata/RHSA-2017:2886
http://www.securitytracker.com/id/1037640
Common Vulnerability Exposure (CVE) ID: CVE-2017-3243
BugTraq ID: 95538
http://www.securityfocus.com/bid/95538
Common Vulnerability Exposure (CVE) ID: CVE-2017-3244
BugTraq ID: 95565
http://www.securityfocus.com/bid/95565
Common Vulnerability Exposure (CVE) ID: CVE-2017-3258
BugTraq ID: 95560
http://www.securityfocus.com/bid/95560
Common Vulnerability Exposure (CVE) ID: CVE-2017-3265
BugTraq ID: 95520
http://www.securityfocus.com/bid/95520
Common Vulnerability Exposure (CVE) ID: CVE-2017-3291
BugTraq ID: 95501
http://www.securityfocus.com/bid/95501
Common Vulnerability Exposure (CVE) ID: CVE-2017-3302
BugTraq ID: 96162
http://www.securityfocus.com/bid/96162
Debian Security Information: DSA-3809 (Google Search)
http://www.debian.org/security/2017/dsa-3809
Debian Security Information: DSA-3834 (Google Search)
http://www.debian.org/security/2017/dsa-3834
http://www.openwall.com/lists/oss-security/2017/02/11/11
http://www.securitytracker.com/id/1038287
Common Vulnerability Exposure (CVE) ID: CVE-2017-3308
BugTraq ID: 97725
http://www.securityfocus.com/bid/97725
Debian Security Information: DSA-3944 (Google Search)
http://www.debian.org/security/2017/dsa-3944
Common Vulnerability Exposure (CVE) ID: CVE-2017-3309
BugTraq ID: 97742
http://www.securityfocus.com/bid/97742
Common Vulnerability Exposure (CVE) ID: CVE-2017-3312
BugTraq ID: 95491
http://www.securityfocus.com/bid/95491
Common Vulnerability Exposure (CVE) ID: CVE-2017-3313
BugTraq ID: 95527
http://www.securityfocus.com/bid/95527
Common Vulnerability Exposure (CVE) ID: CVE-2017-3317
BugTraq ID: 95585
http://www.securityfocus.com/bid/95585
Common Vulnerability Exposure (CVE) ID: CVE-2017-3318
BugTraq ID: 95588
http://www.securityfocus.com/bid/95588
Common Vulnerability Exposure (CVE) ID: CVE-2017-3453
BugTraq ID: 97776
http://www.securityfocus.com/bid/97776
Common Vulnerability Exposure (CVE) ID: CVE-2017-3456
BugTraq ID: 97831
http://www.securityfocus.com/bid/97831
Common Vulnerability Exposure (CVE) ID: CVE-2017-3464
BugTraq ID: 97818
http://www.securityfocus.com/bid/97818
Common Vulnerability Exposure (CVE) ID: CVE-2017-3600
BugTraq ID: 97765
http://www.securityfocus.com/bid/97765
RedHat Security Advisories: RHSA-2016:2927
http://rhn.redhat.com/errata/RHSA-2016-2927.html
RedHat Security Advisories: RHSA-2016:2928
http://rhn.redhat.com/errata/RHSA-2016-2928.html
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.