OpenSUSE Linux update for mariadb



Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-6662
CWE-ID CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software

Other

Oracle Linux
Operating systems & Components / Operating system

Vendor
Oracle

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Arbitrary command execution

EUVDB-ID: #VU946

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2016-6662

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows an administrative user to execute arbitrary command on the target system.
The weakness exists due to insufficient access control that allows a malicious user to execute arbitrary command with root privileges that may lead to complete system compromise.
Successful exploitation of the vulnerability results in arbitrary code excution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

: 5.5.50 - 5.7.15

:

Oracle Linux: 7

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00003.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###