ID de Prueba:	1.3.6.1.4.1.25623.1.0.809330
Categoría:	Databases
Título:	Oracle MySQL 'my.conf' Security Bypass Vulnerability - Windows
Resumen:	Oracle MySQL is prone to a security bypass vulnerability.;; This VT has been deprecated and replaced by the VT 'Oracle MySQL Security Updates (oct2016-2881722) 09 - Windows'; (OID: 1.3.6.1.4.1.25623.1.0.809386).
Descripción:	Summary: Oracle MySQL is prone to a security bypass vulnerability. This VT has been deprecated and replaced by the VT 'Oracle MySQL Security Updates (oct2016-2881722) 09 - Windows' (OID: 1.3.6.1.4.1.25623.1.0.809386). Vulnerability Insight: The flaw exists due to datadir is writable by the mysqld server, and a user that can connect to MySQL can create 'my.cnf' in the datadir using 'SELECT ... OUTFILE'. Vulnerability Impact: Successful exploitation will allow a local users to execute arbitrary code with root privileges by setting malloc_lib. Affected Software/OS: Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, and 5.7.x before 5.7.15. Solution: Upgrade to Oracle MySQL 5.5.52, or 5.6.33, or 5.7.15, or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6662 BugTraq ID: 92912 http://www.securityfocus.com/bid/92912 Debian Security Information: DSA-3666 (Google Search) http://www.debian.org/security/2016/dsa-3666 https://www.exploit-db.com/exploits/40360/ http://seclists.org/fulldisclosure/2016/Sep/23 https://security.gentoo.org/glsa/201701-01 http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html http://www.openwall.com/lists/oss-security/2016/09/12/3 RedHat Security Advisories: RHSA-2016:2058 http://rhn.redhat.com/errata/RHSA-2016-2058.html RedHat Security Advisories: RHSA-2016:2059 http://rhn.redhat.com/errata/RHSA-2016-2059.html RedHat Security Advisories: RHSA-2016:2060 http://rhn.redhat.com/errata/RHSA-2016-2060.html RedHat Security Advisories: RHSA-2016:2061 http://rhn.redhat.com/errata/RHSA-2016-2061.html RedHat Security Advisories: RHSA-2016:2062 http://rhn.redhat.com/errata/RHSA-2016-2062.html RedHat Security Advisories: RHSA-2016:2077 http://rhn.redhat.com/errata/RHSA-2016-2077.html RedHat Security Advisories: RHSA-2016:2130 http://rhn.redhat.com/errata/RHSA-2016-2130.html RedHat Security Advisories: RHSA-2016:2131 http://rhn.redhat.com/errata/RHSA-2016-2131.html RedHat Security Advisories: RHSA-2016:2595 http://rhn.redhat.com/errata/RHSA-2016-2595.html RedHat Security Advisories: RHSA-2016:2749 http://rhn.redhat.com/errata/RHSA-2016-2749.html RedHat Security Advisories: RHSA-2016:2927 http://rhn.redhat.com/errata/RHSA-2016-2927.html RedHat Security Advisories: RHSA-2016:2928 http://rhn.redhat.com/errata/RHSA-2016-2928.html RedHat Security Advisories: RHSA-2017:0184 http://rhn.redhat.com/errata/RHSA-2017-0184.html http://www.securitytracker.com/id/1036769
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.