Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2017.1169
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1169)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'mariadb' package(s) announced via the EulerOS-SA-2017-1169 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'mariadb' package(s) announced via the EulerOS-SA-2017-1169 advisory. Vulnerability Insight: It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600) A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664) Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265) It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291) Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312) A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302) This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464) Affected Software/OS: 'mariadb' package(s) on Huawei EulerOS V2.0SP1. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5483 Common Vulnerability Exposure (CVE) ID: CVE-2016-5617 Common Vulnerability Exposure (CVE) ID: CVE-2016-6664 BugTraq ID: 93612 http://www.securityfocus.com/bid/93612 Bugtraq: 20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) (Google Search) http://www.securityfocus.com/archive/1/539695/100/0/threaded Debian Security Information: DSA-3770 (Google Search) http://www.debian.org/security/2017/dsa-3770 https://www.exploit-db.com/exploits/40679/ http://seclists.org/fulldisclosure/2016/Nov/4 https://security.gentoo.org/glsa/201702-18 http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html RedHat Security Advisories: RHSA-2016:2130 http://rhn.redhat.com/errata/RHSA-2016-2130.html RedHat Security Advisories: RHSA-2016:2749 http://rhn.redhat.com/errata/RHSA-2016-2749.html RedHat Security Advisories: RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2192 RedHat Security Advisories: RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0279 RedHat Security Advisories: RHSA-2018:0574 https://access.redhat.com/errata/RHSA-2018:0574 Common Vulnerability Exposure (CVE) ID: CVE-2017-3238 BugTraq ID: 95571 http://www.securityfocus.com/bid/95571 Debian Security Information: DSA-3767 (Google Search) http://www.debian.org/security/2017/dsa-3767 https://security.gentoo.org/glsa/201702-17 RedHat Security Advisories: RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2787 RedHat Security Advisories: RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2017:2886 http://www.securitytracker.com/id/1037640 Common Vulnerability Exposure (CVE) ID: CVE-2017-3243 BugTraq ID: 95538 http://www.securityfocus.com/bid/95538 Common Vulnerability Exposure (CVE) ID: CVE-2017-3244 BugTraq ID: 95565 http://www.securityfocus.com/bid/95565 Common Vulnerability Exposure (CVE) ID: CVE-2017-3258 BugTraq ID: 95560 http://www.securityfocus.com/bid/95560 Common Vulnerability Exposure (CVE) ID: CVE-2017-3265 BugTraq ID: 95520 http://www.securityfocus.com/bid/95520 Common Vulnerability Exposure (CVE) ID: CVE-2017-3291 BugTraq ID: 95501 http://www.securityfocus.com/bid/95501 Common Vulnerability Exposure (CVE) ID: CVE-2017-3302 BugTraq ID: 96162 http://www.securityfocus.com/bid/96162 Debian Security Information: DSA-3809 (Google Search) http://www.debian.org/security/2017/dsa-3809 Debian Security Information: DSA-3834 (Google Search) http://www.debian.org/security/2017/dsa-3834 http://www.openwall.com/lists/oss-security/2017/02/11/11 http://www.securitytracker.com/id/1038287 Common Vulnerability Exposure (CVE) ID: CVE-2017-3308 BugTraq ID: 97725 http://www.securityfocus.com/bid/97725 Debian Security Information: DSA-3944 (Google Search) http://www.debian.org/security/2017/dsa-3944 Common Vulnerability Exposure (CVE) ID: CVE-2017-3309 BugTraq ID: 97742 http://www.securityfocus.com/bid/97742 Common Vulnerability Exposure (CVE) ID: CVE-2017-3312 BugTraq ID: 95491 http://www.securityfocus.com/bid/95491 Common Vulnerability Exposure (CVE) ID: CVE-2017-3313 BugTraq ID: 95527 http://www.securityfocus.com/bid/95527 Common Vulnerability Exposure (CVE) ID: CVE-2017-3317 BugTraq ID: 95585 http://www.securityfocus.com/bid/95585 Common Vulnerability Exposure (CVE) ID: CVE-2017-3318 BugTraq ID: 95588 http://www.securityfocus.com/bid/95588 Common Vulnerability Exposure (CVE) ID: CVE-2017-3453 BugTraq ID: 97776 http://www.securityfocus.com/bid/97776 Common Vulnerability Exposure (CVE) ID: CVE-2017-3456 BugTraq ID: 97831 http://www.securityfocus.com/bid/97831 Common Vulnerability Exposure (CVE) ID: CVE-2017-3464 BugTraq ID: 97818 http://www.securityfocus.com/bid/97818 Common Vulnerability Exposure (CVE) ID: CVE-2017-3600 BugTraq ID: 97765 http://www.securityfocus.com/bid/97765 RedHat Security Advisories: RHSA-2016:2927 http://rhn.redhat.com/errata/RHSA-2016-2927.html RedHat Security Advisories: RHSA-2016:2928 http://rhn.redhat.com/errata/RHSA-2016-2928.html Common Vulnerability Exposure (CVE) ID: CVE-2017-3651 BugTraq ID: 99802 http://www.securityfocus.com/bid/99802 Debian Security Information: DSA-3922 (Google Search) http://www.debian.org/security/2017/dsa-3922 RedHat Security Advisories: RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2439 RedHat Security Advisories: RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:2729 http://www.securitytracker.com/id/1038928
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.