ID CVE-2016-3440
Summary Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
References
Vulnerable Configurations
  • Oracle MySQL 5.7.11
    cpe:2.3:a:oracle:mysql:5.7.11
CVSS
Base: 4.0 (as of 17-08-2016 - 09:46)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Databases
    NASL id MYSQL_5_7_13_RPM.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459, CVE-2016-5436) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588) - Multiple unspecified flaws exist in the Security: Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614, CVE-2016-5442) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5441) - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple flaws exist in InnoDB that are triggered when handling specially crafted 'ALTER TABLE' operations. An authenticated, remote attacker can exploit these issues to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'FLUSH TABLES' operation on a table with a discarded tablespace. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in InnoDB that is triggered when performing an 'OPTIMIZE TABLE' operation on a table with a full-text index. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing an UPDATE operation on a generated virtual BLOB column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'SHOW CREATE TABLE' operation on a table with a generated column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 91998
    published 2016-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91998
    title Oracle MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_7_13.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459, CVE-2016-5436) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588) - Multiple unspecified flaws exist in the Security: Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614, CVE-2016-5442) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5441) - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple flaws exist in InnoDB that are triggered when handling specially crafted 'ALTER TABLE' operations. An authenticated, remote attacker can exploit these issues to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'FLUSH TABLES' operation on a table with a discarded tablespace. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in InnoDB that is triggered when performing an 'OPTIMIZE TABLE' operation on a table with a full-text index. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing an UPDATE operation on a generated virtual BLOB column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'SHOW CREATE TABLE' operation on a table with a generated column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 91997
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91997
    title MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_7_12_RPM.NASL
    description The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate transmitted data. (CVE-2016-2047) - An unspecified flaw exists in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3440, CVE-2017-10378) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-5444) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 90834
    published 2016-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90834
    title Oracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (RPM Check) (April 2016 CPU) (July 2016 CPU) (October 2017 CPU) (DROWN)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CA5CB2024F5111E6B2ECB499BAEBFEAF.NASL
    description Oracle reports : The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 92505
    published 2016-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92505
    title FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)
refmap via4
bid
  • 91787
  • 91910
confirm http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
sectrack 1036362
Last major update 28-11-2016 - 15:09
Published 21-07-2016 - 06:12
Last modified 31-08-2017 - 21:29
Back to Top