CVE-2016-6656: Command Injection
First published: Fri Dec 16 2016(Updated: )
An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Greenplum | <=4.3.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2016-6656?
CVE-2016-6656 is categorized as a high severity vulnerability due to the potential for arbitrary command injection.
How can I fix CVE-2016-6656?
To mitigate CVE-2016-6656, upgrade Pivotal Greenplum to version 4.3.10.0 or later where the vulnerability has been addressed.
Who is affected by CVE-2016-6656?
CVE-2016-6656 affects users of Pivotal Greenplum versions prior to 4.3.10.0 with superuser 'gpadmin' access.
What permissions are required to exploit CVE-2016-6656?
Exploitation of CVE-2016-6656 requires superuser 'gpadmin' access or equivalent privileges on the system.
What impact does CVE-2016-6656 have on the system?
CVE-2016-6656 allows for arbitrary command injection, which can lead to unauthorized execution of commands on the affected system.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/author
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pivotal software
- canonical/greenplum
- version/greenplum/4.3.9.1