ID CVE-2016-0605
Summary Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Oracle MySQL 5.6.26
    cpe:2.3:a:oracle:mysql:5.6.26
CVSS
Base: 2.1 (as of 21-12-2016 - 14:50)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-684.NASL
    description wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack. (CVE-2015-7744) Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4864) Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866) Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4861) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2015-4862) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0616) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. (CVE-2015-4910) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858 . (CVE-2015-4913) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0610) Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0594) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0595) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0596) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0597) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0598) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802 . (CVE-2015-4792) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. (CVE-2015-4791) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. (CVE-2015-4807) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. (CVE-2015-4870) Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0599) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. (CVE-2016-0546) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913 . (CVE-2015-4858) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. (CVE-2015-4815) Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. (CVE-2015-4833) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4830) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. (CVE-2015-4836) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to UDF. (CVE-2016-0608) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. (CVE-2016-0609) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. (CVE-2016-0505) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503 . (CVE-2016-0504) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. (CVE-2015-4890) Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. (CVE-2016-0601) Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. (CVE-2015-4904) Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. (CVE-2015-4905) Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. (CVE-2016-0605) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. (CVE-2016-0606) Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. (CVE-2015-4766) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0611) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to replication. (CVE-2016-0607) Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. (CVE-2015-4819) Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. (CVE-2015-4879) Unspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0502) Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4895) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504 . (CVE-2016-0503) Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0600) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792 . (CVE-2015-4802) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. (CVE-2015-4800) Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. (CVE-2015-4826)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 90366
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90366
    title Amazon Linux AMI : mysql56 (ALAS-2016-684)
  • NASL family Databases
    NASL id MYSQL_5_6_27_RPM.NASL
    description The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.27. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the Types subcomponent. An authenticated, remote attacker can exploit this to gain access to sensitive information. (CVE-2015-4826) - An unspecified flaw exists in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4830) - An unspecified flaw exists in the Security:Encryption subcomponent. An unauthenticated, remote attacker can exploit this to gain access to sensitive information. (CVE-2015-7744) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471) Additionally, unspecified denial of service vulnerabilities exist in the following MySQL subcomponents : - DDL (CVE-2015-4815) - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4913) - General (CVE-2016-0605) - InnoDB (CVE-2015-4861) - Memcached (CVE-2015-4910) - Optimizer (CVE-2015-4800) - Parser (CVE-2015-4870) - Partition (CVE-2015-4792, CVE-2015-4802) - Replication (CVE-2015-4890) - Security:Privileges (CVE-2015-4791) - SP (CVE-2015-4836)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86661
    published 2015-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86661
    title Oracle MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities (October 2015 CPU) (January 2016 CPU) (July 2016 CPU)
  • NASL family Databases
    NASL id MYSQL_5_6_27.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.27. It is, therefore, potentially affected by the following vulnerabilities : - A certificate validation bypass vulnerability exists in the Security:Encryption subcomponent due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) - An unspecified flaw exists in the Client Programs subcomponent. A local attacker can exploit this to gain elevated privileges. (CVE-2015-4819) - An unspecified flaw exists in the Types subcomponent. An authenticated, remote attacker can exploit this to gain access to sensitive information. (CVE-2015-4826) - An unspecified flaws exist in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit these to impact integrity. (CVE-2015-4830, CVE-2015-4864) - An unspecified flaw exists in the DLM subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4879) - An unspecified flaw exists in the Server Security Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2015-7744) Additionally, unspecified denial of service vulnerabilities can also exist in the following MySQL subcomponents : - DDL (CVE-2015-4815) - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4905, CVE-2015-4913) - InnoDB (CVE-2015-4861, CVE-2015-4866, CVE-2015-4895) - libmysqld (CVE-2015-4904) - Memcached (CVE-2015-4910) - Optimizer (CVE-2015-4800) - Parser (CVE-2015-4870) - Partition (CVE-2015-4792, CVE-2015-4802, CVE-2015-4833) - Query (CVE-2015-4807) - Replication (CVE-2015-4890) - Security : Firewall (CVE-2015-4766) - Server : General (CVE-2016-0605) - Security : Privileges (CVE-2015-4791) - SP (CVE-2015-4836) - Types (CVE-2015-4730)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86547
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86547
    title MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-165.NASL
    description This update to MySQL 5.6.28 fixes the following issues (bsc#962779) : - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. - CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2015-5969: Fixed information leak via mysql-systemd-helper script. (bsc#957174) - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88616
    published 2016-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88616
    title openSUSE Security Update : MySQL (openSUSE-2016-165)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-169.NASL
    description This update to MySQL 5.6.28 fixes the following issues (bsc#962779) : - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. - CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88633
    published 2016-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88633
    title openSUSE Security Update : MySQL (openSUSE-2016-169)
redhat via4
advisories
rhsa
id RHSA-2016:0705
refmap via4
bid 81253
confirm http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
sectrack 1034708
suse
  • openSUSE-SU-2016:0367
  • openSUSE-SU-2016:0377
Last major update 22-12-2016 - 09:22
Published 20-01-2016 - 22:02
Last modified 30-10-2018 - 12:27
Back to Top