Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2016-6663

Published: 13/12/2016 Updated: 05/03/2019
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 446
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Mysql

Vulnerability Summary

Race condition in Oracle MySQL prior to 5.5.52, 5.6.x prior to 5.6.33, 5.7.x prior to 5.7.15, and 8.x prior to 8.0.1; MariaDB prior to 5.5.52, 10.0.x prior to 10.0.28, and 10.1.x prior to 10.1.18; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, 5.6.x prior to 5.6.32-25.17, and 5.7.x prior to 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle mysql

percona percona server

percona xtradb cluster

mariadb mariadb

oracle mysql 8.0

Vendor Advisories

Debian Security Advisories: DSA-3711-1 mariadb-10.0 -- security update
Several issues have been discovered in the MariaDB database server The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10028 Please see the MariaDB 100 Release Notes for further details: mariadbcom/kb/en/mariadb/mariadb-10028-release-notes/ For the stable distribution (jessie), these problems have been ...
Red Hat: Important: mysql security update
Synopsis Important: mysql security update Type/Severity Security Advisory: Important Topic An update for mysql is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whi ...
Red Hat: Important: rh-mariadb101-mariadb security update
Synopsis Important: rh-mariadb101-mariadb security update Type/Severity Security Advisory: Important Topic An update for rh-mariadb101-mariadb is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: rh-mariadb100-mariadb security update
Synopsis Important: rh-mariadb100-mariadb security update Type/Severity Security Advisory: Important Topic An update for rh-mariadb100-mariadb is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: mariadb55-mariadb security update
Synopsis Important: mariadb55-mariadb security update Type/Severity Security Advisory: Important Topic An update for mariadb55-mariadb is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: mysql55-mysql security update
Synopsis Important: mysql55-mysql security update Type/Severity Security Advisory: Important Topic An update for mysql55-mysql is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: rh-mysql56-mysql security update
Synopsis Important: rh-mysql56-mysql security update Type/Severity Security Advisory: Important Topic An update for rh-mysql56-mysql is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Amazon Linux AMI: ALAS-2017-800
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server (CVE-2016-6662) A race condition was found in the way My ...
Red Hat: CVE-2016-6663
A race condition was found in the way MySQL performed MyISAM engine table repair A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user ...

Exploits

Exploit DB: MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
/* Source: legalhackerscom/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploithtml // legalhackerscom/exploits/CVE-2016-6663/mysql-privesc-racec MySQL/PerconaDB/MariaDB - Privilege Escalation / Race Condition PoC Exploit mysql-privesc-racec (ver 10) CVE-2016-6663 / OCVE-2016-5616 Discovered/Coded by: Daw ...
Exploit DB: MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
MySQL versions 5715 and below, 5633 and below, and 5552 and below suffer from remote root code execution and privilege escalation vulnerabilities ...
Exploit DB: MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the databas ...
Exploit DB: MySQL / MariaDB / PerconaDB Root Privilege Escalation
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system The vulnerability stems from unsafe file handling of error logs and othe ...

Github Repositories

https://github.com/stevenharradine/mariadb-vulneribility-scanner-patcher-20161104

MariaDB CVE Scanner / Patcher 20161104 This script will scan your system for mysql (MariaDB specificly) for CVE-2016-6663 CVE-2016-6664 CVE-2016-5616 CVE-2016-5617 Note: This script has not been tested with non-mariadb installs wwwinfoworldcom/article/3138455/security/admins-update-your-databases-to-avoid-the-mysql-bughtml usage From the server you are checking just

https://github.com/brmzkw/links

Date Keywords URL 2024/02/05 golang unittest wwwyoutubecom/watch?v=8hQG7QlcLBk 2024/01/30 golang interface pollution wwwardanlabscom/blog/2016/10/avoid-interface-pollutionhtml 2023/11/22 CSS unit size whatunitcom/ 2023/10/23 mp4 video react wwwremotiondev/ 2023/10/17 marketing ads posthogcom/blog/dev-marketing-paid-ad

Recent Articles

Vuln hunter finds nasty shared server god mode database hack holes
The Register • Darren Pauli • 03 Nov 2016

MySQL, MariaDB, and Percona pwned.

Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers. The database servers are among the world's most popular and count all major tech giants as customers including Google and its properties; Facebook; Twitter; eBay; Cisco; Amazon and Netflix, plus scores more. Legalhackers vulnerability hunter Dawid Golunski (@dawid_golunski) says the race condi...

Read more...
Bad news: MySQL can dish out root access to cunning miscreants
The Register • Chris Williams, Editor in Chief • 13 Sep 2016

Good news: Oracle sneaked some patches out

Updated Security holes in MySQL can be abused to gain remote root access on poorly configured servers, it emerged on Monday. Patches to fix up the programming blunders were quietly released last week. The flaws are present in all default installations of MySQL 5.5, 5.6 and 5.7. Grab versions 5.5.52, 5.6.33 and 5.7.15 to avoid any trouble. The bugs were discovered by Dawid Golunski, who says he reported them to MySQL overseer Oracle on July 29. He found that you can misuse an SQL command to write...

Read more...

References

CWE-362http://seclists.org/fulldisclosure/2016/Nov/4http://www.securityfocus.com/bid/92911https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.htmlhttp://www.openwall.com/lists/oss-security/2016/10/25/4https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.htmlhttps://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.htmlhttps://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/https://www.exploit-db.com/exploits/40678/https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.htmlhttps://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.htmlhttps://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/http://www.securityfocus.com/bid/93614http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0184.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2928.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2927.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2749.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2595.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2131.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2130.htmlhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-3711https://www.exploit-db.com/exploits/40678/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook