SB2016101716 - Arbitrary command execution in mariadb (Alpine package)
Published: October 17, 2016
Security Bulletin ID
SB2016101716
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Arbitrary command execution (CVE-ID: CVE-2016-6662)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
The vulnerability allows an administrative user to execute arbitrary command on the target system.
The weakness exists due to insufficient access control that allows a malicious user to execute arbitrary command with root privileges that may lead to complete system compromise.
Successful exploitation of the vulnerability results in arbitrary code excution on the vulnerable system.
Remediation
Install update from vendor's website.