PT-2016-3701 · Mariadb+2 · Mariadb+2

Johannes Segitz

·

Publicado

2016-02-01

·

Atualizado

2024-06-15

·

CVE-2015-5969

CVSS v2.0

2.1

Baixa

VetorAV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions mysql-community-server versions prior to 5.6.28-2.17.1 mysql-community-server versions prior to 5.6.28-13.1 mariadb versions prior to 10.0.22-2.21.2 mariadb versions prior to 10.0.22-3.1
Description The issue allows local users to discover database credentials by listing a process and its arguments. This is due to a flaw in the mysql-systemd-helper script.
Recommendations For mysql-community-server versions prior to 5.6.28-2.17.1, update to version 5.6.28-2.17.1 or later. For mysql-community-server versions prior to 5.6.28-13.1, update to version 5.6.28-13.1 or later. For mariadb versions prior to 10.0.22-2.21.2, update to version 10.0.22-2.21.2 or later. For mariadb versions prior to 10.0.22-3.1, update to version 10.0.22-3.1 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-5969
OPENSUSE-SU-2016_0367-1
OPENSUSE-SU-2024:10153-1
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2016:0296-1

Produtos afetados

Suse
Mariadb
Mysql Community Server