CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS
Percentile: 94.6%

The version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities:

- A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)
- An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452)
- An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459)
- An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471)
- An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477)
- An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486)
- An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501)
- An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521)
- An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614)
- An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615)
- An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439)
- An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440)
- An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444)
- An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288)
- Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.
- A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
- Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.
- An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
- An unspecified flaw exists that is triggered when handling a ‘SELECT … GROUP BY … FOR UPDATE’ query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(91995);
  script_version("1.16");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-2105",
    "CVE-2016-3452",
    "CVE-2016-3459",
    "CVE-2016-3471",
    "CVE-2016-3477",
    "CVE-2016-3486",
    "CVE-2016-3501",
    "CVE-2016-3521",
    "CVE-2016-3614",
    "CVE-2016-3615",
    "CVE-2016-5439",
    "CVE-2016-5440",
    "CVE-2016-5444",
    "CVE-2016-8288"
  );
  script_bugtraq_id(
    89757,
    91902,
    91913,
    91932,
    91943,
    91949,
    91953,
    91960,
    91969,
    91980,
    91987,
    91992,
    91999,
    93740
  );

  script_name(english:"MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.6.x prior to
5.6.31. It is, therefore, affected by multiple vulnerabilities :
- A heap buffer overflow condition exists in the
EVP_EncodeUpdate() function within file
crypto/evp/encode.c that is triggered when handling
a large amount of input data. An unauthenticated, remote
attacker can exploit this to cause a denial of service
condition. (CVE-2016-2105)
- An unspecified flaw exists in the Security: Encryption
subcomponent that allows an unauthenticated, remote
attacker to disclose sensitive information.
(CVE-2016-3452)
- An unspecified flaw exists in the InnoDB subcomponent
that allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3459)
- An unspecified flaw exists in the Options subcomponent
that allows a local attacker to gain elevated
privileges. (CVE-2016-3471)
- An unspecified flaw exists in the Parser subcomponent
that allows a local attacker to gain elevated
privileges. (CVE-2016-3477)
- An unspecified flaw exists in the FTS subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3486)
- An unspecified flaw exists in the Optimizer subcomponent
that allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3501)
- An unspecified flaw exists in the Types subcomponent
that allows an authenticated, remote attacker to cause
a denial of service condition. (CVE-2016-3521)
- An unspecified flaw exists in the Security: Encryption
subcomponent that allows an authenticated, remote
attacker to cause a denial of service condition.
(CVE-2016-3614)
- An unspecified flaw exists in the DML subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3615)
- An unspecified flaw exists in the Privileges
subcomponent that allows an authenticated, remote
attacker to cause a denial of service condition.
(CVE-2016-5439)
- An unspecified flaw exists in the RBR subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-5440)
- An unspecified flaw exists in the Connection
subcomponent that allows an unauthenticated, remote
attacker to disclose sensitive information.
(CVE-2016-5444)
- An unspecified flaw exists in the InnoDB Plugin
subcomponent that allows an authenticated, remote
attacker to impact integrity. (CVE-2016-8288)
- Multiple overflow conditions exist due to improper
validation of user-supplied input. An authenticated,
remote attacker can exploit these issues to cause a
denial of service condition or the execution of
arbitrary code.
- A NULL pointer dereference flaw exists in a parser
structure that is triggered during the validation of
stored procedure names. An authenticated, remote
attacker can exploit this to crash the database,
resulting in a denial of service condition.
- Multiple overflow conditions exist in the InnoDB
memcached plugin due to improper validation of
user-supplied input. An authenticated, remote attacker
can exploit these issues to cause a denial of service
condition or the execution of arbitrary code.
- An unspecified flaw exists that is triggered when
invoking Enterprise Encryption functions in multiple
threads simultaneously or after creating and dropping
them. An authenticated, remote attacker can exploit this
to crash the database, resulting in a denial of service
condition.
- An unspecified flaw exists that is triggered when
handling a 'SELECT ... GROUP BY ... FOR UPDATE' query
executed with a loose index scan. An authenticated,
remote attacker can exploit this to crash the database,
resulting in a denial of service condition.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c");
  # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.6.31 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3471");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:'5.6.31', min:'5.6', severity:SECURITY_HOLE);

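Because the plugin relies only on the self-reported version, the same range (5.6.x prior to 5.6.31) can be applied to an asset inventory. The following Python is an added example, not Tenable's code and not the implementation of mysql_check_version; the names classify, triage and SAMPLE are hypothetical, the inventory is constructed, and the MariaDB handling is an assumption about how a defender would want other products reported.

```python
import re

FIXED = (5, 6, 31)   # first fixed release, from the plugin's fixed:'5.6.31'
BRANCH = (5, 6)      # branch covered by the plugin's min:'5.6'

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def classify(banner: str) -> str:
    """Classify a self-reported MySQL version string.

    Returns 'affected', 'not_flagged', 'other_product' or 'unparseable'.
    """
    text = banner.strip()
    # MariaDB 10.x can report its version behind a "5.5.5-" prefix; Oracle's
    # 5.6.31 fix level says nothing about it, so report it separately.
    if "mariadb" in text.lower():
        return "other_product"
    m = _VERSION.match(text)
    if not m:
        return "unparseable"
    version = tuple(int(p) for p in m.groups())
    # Compare numerically: as strings, "5.6.4" would sort after "5.6.31".
    if version[:2] == BRANCH and version < FIXED:
        return "affected"
    return "not_flagged"


def triage(inventory: dict) -> dict:
    """Group hosts by classification for follow-up."""
    result = {}
    for host, banner in sorted(inventory.items()):
        result.setdefault(classify(banner), []).append(host)
    return result


# Constructed inventory: host names and banners are made up for illustration.
SAMPLE = {
    "db01": "5.6.30-log",
    "db02": "5.6.31",
    "db03": "5.6.4-m7",
    "db04": "5.7.12",
    "db05": "5.5.5-10.1.14-MariaDB",
    "db06": "",
}

if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE).items():
        print(f"{verdict}: {', '.join(hosts)}")
```

Hosts reported as unparseable or other_product need a manual check, since a version-only test cannot say anything about them.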
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8288
www.nessus.org/u?453b5f8c
www.nessus.org/u?bac902d5
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html