CVE-2016-6664

Published: 13/12/2016 | Updated: 24/01/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

mysqld_safe in Oracle MySQL up to and including 5.5.51, 5.6.x up to and including 5.6.32, and 5.7.x up to and including 5.7.14; MariaDB; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, 5.6.x prior to 5.6.32-25.17, and 5.7.x prior to 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

Vulnerable Products

oracle mysql

mariadb mariadb

percona percona server

percona xtradb cluster

Vendor Advisories

Synopsis: Important: mysql55-mysql security update. Type/Severity: Security Advisory: Important. Topic: An update for mysql55-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Moderate: rh-mariadb101-mariadb and rh-mariadb101-galera security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-mariadb101-mariadb and rh-mariadb101-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as havin ...
Synopsis: Important: rh-mysql56-mysql security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Synopsis: Moderate: rh-mariadb100-mariadb security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin ...
Synopsis: Important: rh-mysql57-mysql security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Synopsis: Important: rh-mysql56-mysql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...

Exploits

#!/bin/bash -p # # Source: legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html // legalhackers.com/exploits/CVE-2016-6664/mysql-chowned.sh # # MySQL / MariaDB / PerconaDB - Root Privilege Escalation PoC Exploit # mysql-chowned.sh (ver 10) # # CVE-2016-6664 / OCVE-2016-5617 # # Discovered and ...
An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the databas ...
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user, allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and othe ...

Github Repositories

MariaDB CVE Scanner / Patcher 20161104. This script will scan your system for mysql (MariaDB specifically) for CVE-2016-6663, CVE-2016-6664, CVE-2016-5616, CVE-2016-5617. Note: This script has not been tested with non-mariadb installs. www.infoworld.com/article/3138455/security/admins-update-your-databases-to-avoid-the-mysql-bug.html usage From the server you are checking just

Recent Articles

Vuln hunter finds nasty shared server god mode database hack holes
The Register • Darren Pauli • 03 Nov 2016

MySQL, MariaDB, and Percona pwned.

Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers. The database servers are among the world's most popular and count all major tech giants as customers including Google and its properties; Facebook; Twitter; eBay; Cisco; Amazon and Netflix, plus scores more. Legalhackers vulnerability hunter Dawid Golunski (@dawid_golunski) says the race condi...