CVE-2016-3471 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2016-3471?

CVE-2016-3471 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

Q: How severe is CVE-2016-3471?

CVE-2016-3471 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-3471?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Redhat Enterprise Linux, Mariadb Mariadb.

Vulnerability Description

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Mysql	>= 5.5.0, <= 5.5.45
Redhat	Enterprise Linux	6.0
Mariadb	Mariadb	>= 5.5.0, < 5.5.46

References

http://rhn.redhat.com/errata/RHSA-2016-0534.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0705.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1480.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1481.htmlThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/91787Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/91913Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036362Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2016:1132Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0534.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0705.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1480.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1481.htmlThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/91787Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-3471?

CVE-2016-3471 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

How severe is CVE-2016-3471?

CVE-2016-3471 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3471?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Redhat Enterprise Linux, Mariadb Mariadb.