Local User Vulnerability in MySQL and MariaDB on openSUSE and SUSE Linux Enterprise
CVE-2015-5969

6.2MEDIUM

Key Information:

Vendor
Suse
Status
Linux Enterprise Software Development Kit
Linux Enterprise Server
Linux Enterprise Workstation Extension
Linux Enterprise Desktop
Vendor
CVE Published:
8 April 2016

Summary

A vulnerability exists in the mysql-systemd-helper script of the mysql-community-server package, as well as in the mariadb package, on specific openSUSE and SUSE Linux Enterprise versions. This weakness allows local users to enumerate running processes and their arguments, potentially exposing sensitive database credentials to unauthorized individuals.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
https://www.suse.com/support/update/announcement/2016/sus...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2016-02/msg000...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.