PT-2016-6602 · Oracle +6 · MySQL Server +5

Published: 2016-09-13 · Updated: 2023-12-29 · CVE-2016-5629

CVSS v3.1: 4.9
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Oracle MySQL versions 5.5.51 and earlier

Oracle MySQL versions 5.6.32 and earlier

Oracle MySQL versions 5.7.14 and earlier

Description:

The issue allows remote administrators to affect availability via vectors related to Server: Federated. The vulnerability is easily exploitable: a high-privileged attacker with network access via multiple protocols can compromise MySQL Server, resulting in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server.

Recommendations:

For Oracle MySQL versions 5.5.51 and earlier, update to a version later than 5.5.51 to resolve the issue.

For Oracle MySQL versions 5.6.32 and earlier, update to a version later than 5.6.32 to resolve the issue.

For Oracle MySQL versions 5.7.14 and earlier, update to a version later than 5.7.14 to resolve the issue.

As a temporary workaround, consider restricting access to the Server: Federated component to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2016-2177
ALT-PU-2016-2238
CESA-2016_2595
CVE-2016-5629
DSA-3711-1
MGASA-2016-0371
OPENSUSE-SU-2016_2769-1
OPENSUSE-SU-2016_2788-1
OPENSUSE-SU-2016_3025-1
OPENSUSE-SU-2016_3028-1
OPENSUSE-SU-2024:10200-1
RHSA-2016:2130
RHSA-2016:2131
RHSA-2016:2595
RHSA-2016:2749
RHSA-2016:2927
RHSA-2016:2928
RHSA-2016_2595
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2016:2932-1
SUSE-SU-2016:2933-1

Affected Products

Alt Linux
CentOS
MariaDB Server
MySQL Server
Red Hat
SUSE