4.4
CVSSv2

CVE-2016-6663

Published: 13/12/2016 Updated: 05/03/2019
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 446
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Race condition in Oracle MySQL prior to 5.5.52, 5.6.x prior to 5.6.33, 5.7.x prior to 5.7.15, and 8.x prior to 8.0.1; MariaDB prior to 5.5.52, 10.0.x prior to 10.0.28, and 10.1.x prior to 10.1.18; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, 5.6.x prior to 5.6.32-25.17, and 5.7.x prior to 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle mysql

percona percona server

percona xtradb cluster

mariadb mariadb

oracle mysql 8.0

Vendor Advisories

Synopsis Important: mysql security update Type/Severity Security Advisory: Important Topic An update for mysql is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis Important: mariadb55-mariadb security update Type/Severity Security Advisory: Important Topic An update for mariadb55-mariadb is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: rh-mariadb101-mariadb security update Type/Severity Security Advisory: Important Topic An update for rh-mariadb101-mariadb is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Synopsis Important: rh-mysql56-mysql security update Type/Severity Security Advisory: Important Topic An update for rh-mysql56-mysql is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Synopsis Important: rh-mariadb100-mariadb security update Type/Severity Security Advisory: Important Topic An update for rh-mariadb100-mariadb is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
A race condition was found in the way MySQL performed MyISAM engine table repair A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user ...
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server (CVE-2016-6662) A race condition was found in the way My ...
Synopsis Important: mysql55-mysql security update Type/Severity Security Advisory: Important Topic An update for mysql55-mysql is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Several issues have been discovered in the MariaDB database server The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10028 Please see the MariaDB 100 Release Notes for further details: mariadbcom/kb/en/mariadb/mariadb-10028-release-notes/ For the stable distribution (jessie), these problems have been ...

Exploits

/* Source: legalhackerscom/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploithtml // legalhackerscom/exploits/CVE-2016-6663/mysql-privesc-racec MySQL/PerconaDB/MariaDB - Privilege Escalation / Race Condition PoC Exploit mysql-privesc-racec (ver 10) CVE-2016-6663 / OCVE-2016-5616 Discovered/Coded by: Daw ...

Mailing Lists

MySQL versions 5715 and below, 5633 and below, and 5552 and below suffer from remote root code execution and privilege escalation vulnerabilities ...
An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the databas ...
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system The vulnerability stems from unsafe file handling of error logs and othe ...

Github Repositories

Date Keywords URL 2023/11/22 CSS unit size whatunitcom/ 2023/10/23 mp4 video react wwwremotiondev/ 2023/10/17 marketing ads posthogcom/blog/dev-marketing-paid-ads 2023/08/22 bubbletea CLI golang charmsh/blog/commands-in-bubbletea/ 2023/06/21 CLI design cligdev/#naming 2023/06/21 CLI design blogdeveloperatlass

MariaDB CVE Scanner / Patcher 20161104 This script will scan your system for mysql (MariaDB specificly) for CVE-2016-6663 CVE-2016-6664 CVE-2016-5616 CVE-2016-5617 Note: This script has not been tested with non-mariadb installs wwwinfoworldcom/article/3138455/security/admins-update-your-databases-to-avoid-the-mysql-bughtml usage From the server you are checking just

...

cyber-security-interview xxmmmm 猪猪谈安全 2023-03-14 19:49 发表于江苏 原文于:wwwnowcodercom/discuss/353158665735708672 原文作者:xxmmmm 1012 阿里 安全工程师 1022 二面 web安全 ,合规。一面问web,二面问内网。 1、跨域相关的内容 jsonp:如何实现跨域带第三方cookie? 跨域资源共享CORS Ajx跨域请

红队作战中比较常遇到的一些重点系统漏洞整理。

红队中易被攻击的一些重点系统漏洞整理 以下时间为更新时间,不代表漏洞发现时间带 ⚒️图标的为工具URL 配合EHole(棱洞)-红队重点攻击系统指纹探测工具使用效果更佳:githubcom/EdgeSecurityTeam/EHole 一、OA系统 泛微(Weaver-Ecology-OA) [20210107] - 泛微OA E-cology RCE(C

信息收集 主机信息收集 敏感目录文件收集 目录爆破 字典 BurpSuite 搜索引擎语法 Google Hack DuckDuckgo 可搜索微博、人人网等屏蔽了主流搜索引擎的网站 Bing js文件泄漏后台或接口信息 快捷搜索第三方资源 findjs robotstxt 目录可访问( autoindex ) iis短文件名 IIS-ShortName-Scanner

Recent Articles

Vuln hunter finds nasty shared server god mode database hack holes
The Register • Darren Pauli • 03 Nov 2016

MySQL, MariaDB, and Percona pwned.

Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers.
The database servers are among the world's most popular and count all major tech giants as customers including Google and its properties; Facebook; Twitter; eBay; Cisco; Amazon and Netflix, plus scores more.
Legalhackers vulnerability hunter Dawid Golunski (@dawid_golunski) says th...

Bad news: MySQL can dish out root access to cunning miscreants
The Register • Chris Williams, Editor in Chief • 13 Sep 2016

Good news: Oracle sneaked some patches out

Updated Security holes in MySQL can be abused to gain remote root access on poorly configured servers, it emerged on Monday.
Patches to fix up the programming blunders were quietly released last week. The flaws are present in all default installations of MySQL 5.5, 5.6 and 5.7. Grab versions 5.5.52, 5.6.33 and 5.7.15 to avoid any trouble.
The bugs were discovered by Dawid Golunski, who says he reported them to MySQL overseer Oracle on July 29.
He found that you can misuse an SQ...

References

CWE-362http://seclists.org/fulldisclosure/2016/Nov/4http://www.securityfocus.com/bid/92911https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.htmlhttp://www.openwall.com/lists/oss-security/2016/10/25/4https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.htmlhttps://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.htmlhttps://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/https://www.exploit-db.com/exploits/40678/https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.htmlhttps://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.htmlhttps://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/http://www.securityfocus.com/bid/93614http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0184.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2928.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2927.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2749.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2595.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2131.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2130.htmlhttps://github.com/brmzkw/linkshttps://access.redhat.com/errata/RHSA-2017:0184https://nvd.nist.govhttps://www.exploit-db.com/exploits/40678/https://github.com/7hang/cyber-security-interviewhttps://access.redhat.com/security/cve/cve-2016-6663