OpenSUSE Linux update for mariadb
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6662 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Other Oracle Linux Operating systems & Components / Operating system |
| Vendor |
Oracle |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Arbitrary command execution
EUVDB-ID: #VU946
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-6662
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows an administrative user to execute arbitrary command on the target system.
The weakness exists due to insufficient access control that allows a malicious user to execute arbitrary command with root privileges that may lead to complete system compromise.
Successful exploitation of the vulnerability results in arbitrary code excution on the vulnerable system.
Update the affected packages.
: 5.5.50 - 5.7.15
:
Oracle Linux: 7
CPE2.3- cpe:2.3::::5.5.50:*:*:*:*:*:*:*
- cpe:2.3::::5.5.51:*:*:*:*:*:*:*
- cpe:2.3::::5.5.52:*:*:*:*:*:*:*
- cpe:2.3:::::*:*:*:*:*:*:*
- cpe:2.3:o:oracle:oracle_linux:7:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00003.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
