CVE-2016-6662

Published: 20/09/2016 Updated: 04/08/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Oracle MySQL up to and including 5.5.52, 5.6.x up to and including 5.6.33, and 5.7.x up to and including 5.7.15; MariaDB prior to 5.5.51, 10.0.x prior to 10.0.27, and 10.1.x prior to 10.1.17; and Percona Server prior to 5.5.51-38.1, 5.6.x prior to 5.6.32-78.0, and 5.7.x prior to 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Vulnerable Product

oracle mysql

percona percona server

mariadb mariadb

debian debian linux 8.0

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.4

redhat openstack 9

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 6.0

redhat enterprise linux server tus 7.6

redhat openstack 5.0

redhat openstack 6.0

redhat openstack 7.0

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.6

redhat openstack 8

redhat enterprise linux 7.0

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

MySQL could be made to run programs as an administrator ...
Dawid Golunski discovered that the mysqld_safe wrapper provided by the MySQL database server insufficiently restricted the load path for custom malloc implementations, which could result in privilege escalation. The vulnerability was addressed by upgrading MySQL to the new upstream version 5.5.52, which includes additional changes, such as performa ...
Debian Bug report logs - #851233: Security fixes from the January 2017 CPU. Package: src:mysql-5.5; Maintainer for src:mysql-5.5 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>; Reported by: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>; Date: Fri, 13 Jan 2017 08:24:01 UTC; Severity: grave; Tags: fix ...
Debian Bug report logs - #841049: Security fixes from the October 2016 CPU. Package: src:mysql-5.6; Maintainer for src:mysql-5.6 is (unknown); Reported by: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>; Date: Mon, 17 Oct 2016 08:33:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in version mysql-5.6/5.6 ...
Synopsis: Important: mariadb-galera security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for mariadb-galera is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis: Important: mysql security update. Type/Severity: Security Advisory: Important. Topic: An update for mysql is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis: Important: rh-mariadb101-mariadb security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-mariadb101-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Important: mariadb-galera security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Im ...
Synopsis: Important: rh-mariadb100-mariadb security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Important: mariadb-galera security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact o ...
Synopsis: Important: mariadb-galera security update. Type/Severity: Security Advisory: Important. Topic: An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important ...
Synopsis: Important: mariadb55-mariadb security update. Type/Severity: Security Advisory: Important. Topic: An update for mariadb55-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: mariadb-galera security update. Type/Severity: Security Advisory: Important. Topic: An update for mariadb-galera is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis: Important: mariadb-galera security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Im ...
Synopsis: Important: mysql55-mysql security update. Type/Severity: Security Advisory: Important. Topic: An update for mysql55-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: rh-mysql56-mysql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server ...
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) A race condition was found in the way My ...

Exploits

#!/usr/bin/python # # MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit # (CVE-2016-6662) # 0ldSQL_MySQL_RCE_exploit.py (ver. 1.0) # # For testing purposes only. Do no harm. # # Discovered/Coded by: # # Dawid Golunski # legalhackers.com # # # This is a limited version of the PoC exploit. It only allows appending ...
MySQL versions 5.7.15 and below, 5.6.33 and below, and 5.5.52 and below suffer from remote root code execution and privilege escalation vulnerabilities ...
An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the databas ...
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and othe ...

Github Repositories

Chinese translation of "How to Hack Like a Pornstar"

How to Hack Like a Pornstar: Master the secrets of hacking through real-life hacking scenarios. Copyright © 2017 Sparc FLOW. This book was translated internally by 0penSec and revised by z3r0yu; without infringing on the original copyright holder or the original author,

Simple ansible playbook to patch mysql servers against CVE-2016-6662

ansible-mysql-cve-2016-6662: Simple ansible playbook to patch mysql servers against CVE-2016-6662. UPDATE 201609152347CEST: Kenny informed me of Patrick Forsberg's catch that the original patch did not safeguard against / abuse. I've now replaced the patch with one that is more stringent (based on a mix of the Percona and MySQL ones), and also added a task that re

From SQL injection to root shell with CVE-2016-6662 by MaYaSeVeN

CVE-2016-6662: From SQL injection to root shell with CVE-2016-6662 by MaYaSeVeN. Proof of Concept: www.youtube.com/watch?v=lyc7GFE3q2U

About: Some help to exploit CVE-2016-6662. Warnings: Make sure to change the attacker IP in the c file before compiling. Credit: All credit to original discoverer. Writeups here: legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html Discussion here: www.reddit.com/r/netsec/comments/52dgxh/mysql_remote_root_code_execution_privil

MySQL server CVE-2016-6662 patch playbook

MySQL server CVE-2016-6662 patch playbook. How it works: It adds the Percona fix to the mysqld_safe file. Which operating systems are supported: CentOS, FreeBSD. How to use it: ansible-playbook mysqld-safe-patch.yml

Penetration Testing Methodology Penetration testing Process, Methods and Real world Attacks Collections Framework and Testing Guide OWASP - Open Web Application Security Project PTES - Penetration Testing Execution Standard PCI DSS PCI Penetration Testing Guide PTF - Penetration Testing Framework OSSTMM - Open Source Security Testing Methodology Manual Pre Engagement VMware

Recent Articles

Vuln hunter finds nasty shared server god mode database hack holes
The Register • Darren Pauli • 03 Nov 2016

MySQL, MariaDB, and Percona pwned.

Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers. The database servers are among the world's most popular and count all major tech giants as customers including Google and its properties; Facebook; Twitter; eBay; Cisco; Amazon and Netflix, plus scores more. Legalhackers vulnerability hunter Dawid Golunski (@dawid_golunski) says the race condi...

Bad news: MySQL can dish out root access to cunning miscreants
The Register • Chris Williams, Editor in Chief • 13 Sep 2016

Good news: Oracle sneaked some patches out

Updated Security holes in MySQL can be abused to gain remote root access on poorly configured servers, it emerged on Monday. Patches to fix up the programming blunders were quietly released last week. The flaws are present in all default installations of MySQL 5.5, 5.6 and 5.7. Grab versions 5.5.52, 5.6.33 and 5.7.15 to avoid any trouble. The bugs were discovered by Dawid Golunski, who says he reported them to MySQL overseer Oracle on July 29. He found that you can misuse an SQL command to write...

References

CWE-264
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
https://jira.mariadb.org/browse/MDEV-10465
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/
http://seclists.org/fulldisclosure/2016/Sep/23
https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/
http://www.openwall.com/lists/oss-security/2016/09/12/3
https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/
https://www.exploit-db.com/exploits/40360/
http://www.securityfocus.com/bid/92912
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://security.gentoo.org/glsa/201701-01
http://www.debian.org/security/2016/dsa-3666
http://www.securitytracker.com/id/1036769
http://rhn.redhat.com/errata/RHSA-2017-0184.html
http://rhn.redhat.com/errata/RHSA-2016-2928.html
http://rhn.redhat.com/errata/RHSA-2016-2927.html
http://rhn.redhat.com/errata/RHSA-2016-2749.html
http://rhn.redhat.com/errata/RHSA-2016-2595.html
http://rhn.redhat.com/errata/RHSA-2016-2131.html
http://rhn.redhat.com/errata/RHSA-2016-2130.html
http://rhn.redhat.com/errata/RHSA-2016-2077.html
http://rhn.redhat.com/errata/RHSA-2016-2062.html
http://rhn.redhat.com/errata/RHSA-2016-2061.html
http://rhn.redhat.com/errata/RHSA-2016-2060.html
http://rhn.redhat.com/errata/RHSA-2016-2059.html
http://rhn.redhat.com/errata/RHSA-2016-2058.html
https://usn.ubuntu.com/3078-1/
https://nvd.nist.gov