#VU33801 Input validation error in MariaDB - CVE-2016-0666

Cybersecurity Help s.r.o.

Published: 2016-04-21 | Updated: 2020-08-04

Vulnerability identifier: #VU33801

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-0666

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
MariaDB
Server applications / Database software

Vendor: MariaDB Foundation

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

MariaDB: 5.5.20 - 5.5.48, 10.0.0 - 10.0.24, 10.1.0 - 10.1.13

External links
https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html
https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
https://rhn.redhat.com/errata/RHSA-2016-0705.html
https://rhn.redhat.com/errata/RHSA-2016-1480.html
https://rhn.redhat.com/errata/RHSA-2016-1481.html
https://rhn.redhat.com/errata/RHSA-2016-1602.html
https://www.debian.org/security/2016/dsa-3557
https://www.debian.org/security/2016/dsa-3595
https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://www.securityfocus.com/bid/86509
https://www.securitytracker.com/id/1035606
https://www.ubuntu.com/usn/USN-2953-1
https://www.ubuntu.com/usn/USN-2954-1
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024168
https://access.redhat.com/errata/RHSA-2016:1132
https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in mariadb (Alpine package)

Input validation error in MariaDB