CVE-2016-6656 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2016-6656?

CVE-2016-6656 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-6656?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Greenplum.

Vulnerability Description

An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table.

CVSS Score

7.2

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pivotal Software	Greenplum	<= 4.3.9.1

Related Weaknesses (CWE)

CWE-77

References

http://www.securityfocus.com/bid/94954
https://pivotal.io/security/cve-2016-6656MitigationVendor Advisory
http://www.securityfocus.com/bid/94954
https://pivotal.io/security/cve-2016-6656MitigationVendor Advisory

FAQ

What is CVE-2016-6656?

CVE-2016-6656 is a vulnerability with a CVSS score of 7.2 (HIGH). An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order...

How severe is CVE-2016-6656?

CVE-2016-6656 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6656?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Greenplum.