ID CVE-2016-5507
Summary Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
References
Vulnerable Configurations
  • MariaDB 10.0.0
    cpe:2.3:a:mariadb:mariadb:10.0.0
  • MariaDB 10.0.1
    cpe:2.3:a:mariadb:mariadb:10.0.1
  • MariaDB 10.0.2
    cpe:2.3:a:mariadb:mariadb:10.0.2
  • MariaDB 10.0.3
    cpe:2.3:a:mariadb:mariadb:10.0.3
  • MariaDB 10.0.4
    cpe:2.3:a:mariadb:mariadb:10.0.4
  • MariaDB 10.0.5
    cpe:2.3:a:mariadb:mariadb:10.0.5
  • MariaDB 10.0.6
    cpe:2.3:a:mariadb:mariadb:10.0.6
  • MariaDB 10.0.7
    cpe:2.3:a:mariadb:mariadb:10.0.7
  • MariaDB 10.0.8
    cpe:2.3:a:mariadb:mariadb:10.0.8
  • MariaDB 10.0.9
    cpe:2.3:a:mariadb:mariadb:10.0.9
  • MariaDB 10.0.10
    cpe:2.3:a:mariadb:mariadb:10.0.10
  • MariaDB 10.0.11
    cpe:2.3:a:mariadb:mariadb:10.0.11
  • MariaDB 10.0.12
    cpe:2.3:a:mariadb:mariadb:10.0.12
  • MariaDB 10.0.13
    cpe:2.3:a:mariadb:mariadb:10.0.13
  • MariaDB 10.0.14
    cpe:2.3:a:mariadb:mariadb:10.0.14
  • MariaDB 10.0.15
    cpe:2.3:a:mariadb:mariadb:10.0.15
  • MariaDB 10.0.16
    cpe:2.3:a:mariadb:mariadb:10.0.16
  • MariaDB 10.0.17
    cpe:2.3:a:mariadb:mariadb:10.0.17
  • MariaDB 10.0.18
    cpe:2.3:a:mariadb:mariadb:10.0.18
  • MariaDB 10.0.19
    cpe:2.3:a:mariadb:mariadb:10.0.19
  • MariaDB 10.0.20
    cpe:2.3:a:mariadb:mariadb:10.0.20
  • MariaDB 10.0.21
    cpe:2.3:a:mariadb:mariadb:10.0.21
  • MariaDB 10.0.22
    cpe:2.3:a:mariadb:mariadb:10.0.22
  • MariaDB 10.0.23
    cpe:2.3:a:mariadb:mariadb:10.0.23
  • MariaDB 10.0.24
    cpe:2.3:a:mariadb:mariadb:10.0.24
  • MariaDB 10.0.25
    cpe:2.3:a:mariadb:mariadb:10.0.25
  • MariaDB 10.0.26
    cpe:2.3:a:mariadb:mariadb:10.0.26
  • MariaDB 10.0.27
    cpe:2.3:a:mariadb:mariadb:10.0.27
CVSS
Base: 6.8 (as of 11-01-2017 - 13:34)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-01 (MariaDB and MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact : Attackers could execute arbitrary code, escalate privileges, and impact availability via unspecified vectors. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-01-03
    plugin id 96232
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96232
    title GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_7_15.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.15. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492, CVE-2016-5632) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5507) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617) - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5625) - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629) - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662) - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-8286) - A flaw exists that is related to the use of temporary files by REPAIR TABLE. An authenticated, remote attacker can exploit this to gain elevated privileges. - A flaw exists in InnoDB when handling an operation that dropped and created a full-text search table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A flaw exists in InnoDB when accessing full-text auxiliary tables while dropping the indexed table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A buffer overflow condition exists when handling long integer values in MEDIUMINT columns due to the improper validation of certain input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An information disclosure vulnerability exists in the validate_password plugin due to passwords that have been rejected being written as plaintext to the error log. A local attacker can exploit this to more easily guess what passwords might have been chosen and accepted. - A flaw exists in InnoDB when handling an ALTER TABLE ... ENCRYPTION='Y', ALGORITHM=COPY operation that is applied to a table in the system tablespace. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 93379
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93379
    title MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_7_15_RPM.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.15. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492, CVE-2016-5632) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5507) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617) - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5625) - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629) - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662) - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-8286) - A flaw exists that is related to the use of temporary files by REPAIR TABLE. An authenticated, remote attacker can exploit this to gain elevated privileges. - A flaw exists in InnoDB when handling an operation that dropped and created a full-text search table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A flaw exists in InnoDB when accessing full-text auxiliary tables while dropping the indexed table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A buffer overflow condition exists when handling long integer values in MEDIUMINT columns due to the improper validation of certain input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An information disclosure vulnerability exists in the validate_password plugin due to passwords that have been rejected being written as plaintext to the error log. A local attacker can exploit this to more easily guess what passwords might have been chosen and accepted. - A flaw exists in InnoDB when handling an ALTER TABLE ... ENCRYPTION='Y', ALGORITHM=COPY operation that is applied to a table in the system tablespace. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 93380
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93380
    title MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1283.NASL
    description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string '@sysconfdir@' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 94694
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94694
    title openSUSE Security Update : mysql-community-server (openSUSE-2016-1283)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1289.NASL
    description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string '@sysconfdir@' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 94756
    published 2016-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94756
    title openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)
  • NASL family Databases
    NASL id MYSQL_5_6_33_RPM.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5507) - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662) - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) - A flaw exists that is related to the use of temporary files by REPAIR TABLE. An authenticated, remote attacker can exploit this to gain elevated privileges. - A flaw exists in InnoDB when handling an operation that dropped and created a full-text search table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A flaw exists in InnoDB when accessing full-text auxiliary tables while dropping the indexed table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A buffer overflow condition exists when handling long integer values in MEDIUMINT columns due to the improper validation of certain input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists due to how a prepared statement uses a parameter in the select list of a derived table that was part of a join. An authenticated, remote attacker can exploit this to cause a server exit, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 93378
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93378
    title MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_6_33.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5507) - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662) - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) - A flaw exists that is related to the use of temporary files by REPAIR TABLE. An authenticated, remote attacker can exploit this to gain elevated privileges. - A flaw exists in InnoDB when handling an operation that dropped and created a full-text search table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A flaw exists in InnoDB when accessing full-text auxiliary tables while dropping the indexed table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition. - A buffer overflow condition exists when handling long integer values in MEDIUMINT columns due to the improper validation of certain input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists due to how a prepared statement uses a parameter in the select list of a derived table that was part of a join. An authenticated, remote attacker can exploit this to cause a server exit, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 93377
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93377
    title MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities
redhat via4
advisories
rhsa
id RHSA-2016:2749
refmap via4
bid 93678
confirm http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
gentoo GLSA-201701-01
sectrack 1037050
Last major update 11-01-2017 - 15:18
Published 25-10-2016 - 10:29
Last modified 04-03-2019 - 12:46
Back to Top