Document MySQL root code execution vulnerability.

svn path=/head/; revision=421985
2016-09-13 08:05:42 +00:00 · 2016-09-13 08:05:42 +00:00 · b8bd683215 · 2021-03-31 03:12:20 +00:00
commit b8bd683215
parent 8a7b05b1cc
1 changed files with 69 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -58,6 +58,73 @@ Notes:
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="856b88bf-7984-11e6-81e7-d050996490d0">
+    <topic>mysql -- Remote Root Code Execution</topic>
+    <affects>
+      <package>
+	<name>mariadb55-server</name>
+	<range><lt>5.5.51</lt></range>
+      </package>
+      <package>
+	<name>mariadb100-server</name>
+	<range><lt>10.0.27</lt></range>
+      </package>
+      <package>
+	<name>mariadb101-server</name>
+	<range><lt>10.1.17</lt></range>
+      </package>
+      <package>
+	<name>mysql55-server</name>
+	<range><lt>5.5.52</lt></range>
+      </package>
+      <package>
+	<name>mysql56-server</name>
+	<range><lt>5.6.33</lt></range>
+      </package>
+      <package>
+	<name>mysql57-server</name>
+	<range><lt>5.7.15</lt></range>
+      </package>
+      <package>
+	<name>percona55-server</name>
+	<range><lt>5.5.51.38.1</lt></range>
+      </package>
+      <package>
+	<name>percona56-server</name>
+	<range><lt>5.6.32.78.0</lt></range>
+      </package>
+      <package>
+	<name>percona57-server</name>
+	<range><lt>5.7.14.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Dawid Golunski reports:</p>
+	<blockquote cite="http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt">
+	  <p>An independent research has revealed multiple severe MySQL
+	    vulnerabilities.  This advisory focuses on a critical
+	    vulnerability with a CVEID of CVE-2016-6662 which can allow
+	    attackers to (remotely) inject malicious settings into MySQL
+	    configuration files (my.cnf) leading to critical
+	    consequences.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6662</cvename>
+      <url>http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt</url>
+      <url>https://jira.mariadb.org/browse/MDEV-10465</url>
+      <url>https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/</url>
+      <url>https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/</url>
+      <url>https://www.psce.com/blog/2016/09/12/how-to-quickly-patch-mysql-server-against-cve-2016-6662/</url>
+    </references>
+    <dates>
+      <discovery>2016-09-12</discovery>
+      <entry>2016-09-13</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="331eabb3-85b1-466a-a2af-66ac864d395a">
    <topic>wolfssl -- leakage of private key information</topic>
    <affects>
@ -83,6 +150,7 @@ Notes:
      <entry>2016-01-05</entry>
    </dates>
  </vuln>
+
  <vuln vid="3d1372e1-7822-4fd8-b56e-5ee832afbd96">
    <topic>wolfssl -- DDoS amplification in DTLS</topic>
    <affects>
@ -108,6 +176,7 @@ Notes:
      <entry>2016-01-05</entry>
    </dates>
  </vuln>
+
  <vuln vid="a0128291-7690-11e6-95a8-0011d823eebd">
    <topic>gnutls -- OCSP validation issue</topic>
    <affects>