CVE-2016-0546

Published on: 01/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

AV:L/AC:L/Au:N/C:C/I:C/A:C

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.

CVSS2 Score: 7.2 - HIGH

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Oracle Solaris Bulletin - April 2016 Vendor Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
[security-announce] SUSE-SU-2016:1619-1: important: Security update for Mailing List
Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1619
MySQL Multiple Bugs Let Remote Users Access Data and Deny Service, Remote Authenticated Users Modify Data, and Local Users Gain Elevated Privileges - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
URL Logo SECTRACK 1034708
Red Hat Customer Portal Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:0705
Red Hat Customer Portal Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:1481
MariaDB 5.5.47 Release Notes - MariaDB Knowledge Base Vendor Advisory
mariadb.com
text/html
URL Logo CONFIRM mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/
Debian -- Security Information -- DSA-3459-1 mysql-5.5 Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3459
[security-announce] openSUSE-SU-2016:1664-1: important: Security update Mailing List
Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:1664
[security-announce] openSUSE-SU-2016:0367-1: important: Security update Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:0367
[security-announce] SUSE-SU-2016:1620-1: important: Security update for Mailing List
Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1620
[security-announce] openSUSE-SU-2016:1686-1: important: Security update Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:1686
[security-announce] openSUSE-SU-2016:0377-1: important: Security update Mailing List
Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:0377
Oracle Linux Bulletin - April 2016 Vendor Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Debian -- Security Information -- DSA-3453-1 mariadb-10.0 Patch
Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3453
Bug#21973610: BUFFER OVERFLOW ISSUES · mysql/[email protected] · GitHub Third Party Advisory
github.com
text/html
URL Logo CONFIRM github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f
Red Hat Customer Portal Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:0534
USN-2881-1: MySQL vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
URL Logo UBUNTU USN-2881-1
1301493 – (CVE-2016-0546) CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016) Issue Tracking
Third Party Advisory
bugzilla.redhat.com
text/html
URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1301493
MySQL :: MySQL 5.6 Release Notes :: Changes in MySQL 5.6.28 (2015-12-07, General Availability) Vendor Advisory
dev.mysql.com
text/html
URL Logo CONFIRM dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
MariaDB 10.0.23 Release Notes - MariaDB Knowledge Base Vendor Advisory
mariadb.com
text/html
URL Logo CONFIRM mariadb.com/kb/en/mdb-10023-rn/
Red Hat Customer Portal Third Party Advisory
access.redhat.com
text/html
URL Logo REDHAT RHSA-2016:1132
MySQL :: MySQL 5.5 Release Notes :: Changes in MySQL 5.5.47 (2015-12-07, General Availability) Vendor Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo CONFIRM dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
Oracle MySQL CVE-2016-0546 Local Security Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 81066
Red Hat Customer Portal Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:1480
MariaDB 10.1.10 Release Notes - MariaDB Knowledge Base Vendor Advisory
mariadb.com
text/html
URL Logo CONFIRM mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/
Oracle Critical Patch Update - January 2016 Vendor Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
CanonicalUbuntu Linux14.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.10AllAllAll
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
CanonicalUbuntu Linux14.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.10AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
ApplicationMariadbMariadbAllAllAllAll
ApplicationMariadbMariadbAllAllAllAll
Operating
System
OpensuseLeap42.1AllAllAll
Operating
System
OpensuseLeap42.1AllAllAll
Operating
System
OpensuseOpensuse13.2AllAllAll
Operating
System
OpensuseOpensuse13.2AllAllAll
Operating
System
OracleLinux7AllAllAll
Operating
System
OracleLinux7AllAllAll
ApplicationOracleMysqlAllAllAllAll
ApplicationOracleMysqlAllAllAllAll
ApplicationOracleMysqlAllAllAllAll
Operating
System
OracleSolaris11.3AllAllAll
Operating
System
OracleSolaris11.3AllAllAll
Operating
System
RedhatEnterprise Linux6.0AllAllAll
Operating
System
RedhatEnterprise Linux7.0AllAllAll
Operating
System
RedhatEnterprise Linux6.0AllAllAll
Operating
System
RedhatEnterprise Linux7.0AllAllAll
Operating
System
RedhatEnterprise Linux Desktop7.0AllAllAll
Operating
System
RedhatEnterprise Linux Desktop7.0AllAllAll
Operating
System
RedhatEnterprise Linux Hpc Node7.0AllAllAll
Operating
System
RedhatEnterprise Linux Hpc Node7.0AllAllAll
Operating
System
RedhatEnterprise Linux Hpc Node Eus7.2AllAllAll
Operating
System
RedhatEnterprise Linux Hpc Node Eus7.2AllAllAll
Operating
System
RedhatEnterprise Linux Server7.0AllAllAll
Operating
System
RedhatEnterprise Linux Server7.0AllAllAll
Operating
System
RedhatEnterprise Linux Server Aus7.2AllAllAll
Operating
System
RedhatEnterprise Linux Server Aus7.2AllAllAll
Operating
System
RedhatEnterprise Linux Server Eus7.2AllAllAll
Operating
System
RedhatEnterprise Linux Server Eus7.2AllAllAll
Operating
System
RedhatEnterprise Linux Workstation7.0AllAllAll
Operating
System
RedhatEnterprise Linux Workstation7.0AllAllAll
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*: