FreeBSD : Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662 (dc596a17-7a9e-11e6-b034-f0def167eeea)

high Nessus Plugin ID 95309

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

LegalHackers' reports :

RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?fbd97f45

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

http://www.nessus.org/u?59cc1293

Plugin Details

Severity: High

ID: 95309

File Name: freebsd_pkg_dc596a177a9e11e6b034f0def167eeea.nasl

Version: 3.4

Type: local

Published: 11/25/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mysql55-client, p-cpe:/a:freebsd:freebsd:mysql55-server, p-cpe:/a:freebsd:freebsd:mysql56-client, p-cpe:/a:freebsd:freebsd:mysql56-server, p-cpe:/a:freebsd:freebsd:mysql57-client, p-cpe:/a:freebsd:freebsd:mysql57-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/24/2016

Vulnerability Publication Date: 9/12/2016