CVE-2016-6662

critical

Description

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

References

http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

https://jira.mariadb.org/browse/MDEV-10465

https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/

http://seclists.org/fulldisclosure/2016/Sep/23

https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/

http://www.openwall.com/lists/oss-security/2016/09/12/3

https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/

https://www.exploit-db.com/exploits/40360/

http://www.securityfocus.com/bid/92912

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://security.gentoo.org/glsa/201701-01

http://www.debian.org/security/2016/dsa-3666

http://www.securitytracker.com/id/1036769

http://rhn.redhat.com/errata/RHSA-2017-0184.html

http://rhn.redhat.com/errata/RHSA-2016-2928.html

http://rhn.redhat.com/errata/RHSA-2016-2927.html

http://rhn.redhat.com/errata/RHSA-2016-2749.html

http://rhn.redhat.com/errata/RHSA-2016-2595.html

http://rhn.redhat.com/errata/RHSA-2016-2131.html

http://rhn.redhat.com/errata/RHSA-2016-2130.html

http://rhn.redhat.com/errata/RHSA-2016-2077.html

http://rhn.redhat.com/errata/RHSA-2016-2062.html

http://rhn.redhat.com/errata/RHSA-2016-2061.html

http://rhn.redhat.com/errata/RHSA-2016-2060.html

http://rhn.redhat.com/errata/RHSA-2016-2059.html

http://rhn.redhat.com/errata/RHSA-2016-2058.html

Details

Source: MITRE

Published: 2016-09-20

Updated: 2021-08-04

Type: CWE-264

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.52 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.15 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.33 (inclusive)

Configuration 2

OR

cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*

cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*

cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

Tenable Plugins

View all (52 total)

ID | Name | Product | Family | Severity
125006 | EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1553) | Nessus | Huawei Local Security Checks | critical
101415 | Virtuozzo 6 : mysql / mysql-bench / mysql-devel / mysql-embedded / etc (VZLSA-2017-0184) | Nessus | Virtuozzo Local Security Checks | critical
99824 | EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062) | Nessus | Huawei Local Security Checks | critical
97329 | Amazon Linux AMI : mysql51 (ALAS-2017-800) | Nessus | Amazon Linux Local Security Checks | critical
96812 | CentOS 6 : mysql (CESA-2017:0184) | Nessus | CentOS Local Security Checks | critical
96790 | OracleVM 3.3 / 3.4 : mysql (OVMSA-2017-0035) | Nessus | OracleVM Local Security Checks | critical
96758 | Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20170124) | Nessus | Scientific Linux Local Security Checks | critical
96756 | RHEL 6 : mysql (RHSA-2017:0184) | Nessus | Red Hat Local Security Checks | critical
96753 | Oracle Linux 6 : mysql (ELSA-2017-0184) | Nessus | Oracle Linux Local Security Checks | critical
96232 | GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
95847 | Scientific Linux Security Update : mariadb on SL7.x x86_64 (20161103) | Nessus | Scientific Linux Local Security Checks | critical
95341 | CentOS 7 : mariadb (CESA-2016:2595) | Nessus | CentOS Local Security Checks | critical
94757 | SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2780-1) | Nessus | SuSE Local Security Checks | critical
94756 | openSUSE Security Update : mysql-community-server (openSUSE-2016-1289) | Nessus | SuSE Local Security Checks | critical
94715 | Oracle Linux 7 : mariadb (ELSA-2016-2595) | Nessus | Oracle Linux Local Security Checks | critical
94694 | openSUSE Security Update : mysql-community-server (openSUSE-2016-1283) | Nessus | SuSE Local Security Checks | critical
94649 | openSUSE Security Update : mariadb (openSUSE-2016-1274) | Nessus | SuSE Local Security Checks | critical
9749 | Oracle MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities | Nessus Network Monitor | Database | critical
9748 | Oracle MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities | Nessus Network Monitor | Database | critical
9747 | Oracle MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities | Nessus Network Monitor | Database | critical
94558 | RHEL 7 : mariadb (RHSA-2016:2595) | Nessus | Red Hat Local Security Checks | critical
94198 | MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical
94197 | MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical
94196 | MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) | Nessus | Databases | critical
94167 | MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical
94166 | MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical
94165 | MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) | Nessus | Databases | critical
94022 | Amazon Linux AMI : mysql55 / mysql56 (ALAS-2016-756) | Nessus | Amazon Linux Local Security Checks | critical
9655 | MariaDB Server 5.5.x < 5.5.51 Multiple Vulnerabilities | Nessus Network Monitor | Database | high
93881 | Fedora 23 : 1:mariadb (2016-58f90ae3cc) | Nessus | Fedora Local Security Checks | critical
93854 | openSUSE Security Update : mariadb (openSUSE-2016-1154) | Nessus | SuSE Local Security Checks | critical
93771 | SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:2404-1) | Nessus | SuSE Local Security Checks | critical
93766 | SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2395-1) | Nessus | SuSE Local Security Checks | critical
93724 | Fedora 24 : community-mysql (2016-0901301dff) | Nessus | Fedora Local Security Checks | critical
93615 | SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2343-1) | Nessus | SuSE Local Security Checks | critical
93611 | MariaDB 5.5.x < 5.5.51 Multiple Vulnerabilities | Nessus | Databases | critical
93610 | MariaDB 10.1.x < 10.1.17 Multiple Vulnerabilities | Nessus | Databases | critical
93609 | MariaDB 10.0.x < 10.0.27 Multiple Vulnerabilities | Nessus | Databases | critical
93582 | FreeBSD : Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662 (b64a7389-7c27-11e6-8aaa-5404a68ad561) | Nessus | FreeBSD Local Security Checks | critical
93564 | Debian DLA-624-1 : mysql-5.5 security update | Nessus | Debian Local Security Checks | critical
93510 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : mysql-5.5, mysql-5.7 vulnerability (USN-3078-1) | Nessus | Ubuntu Local Security Checks | critical
93496 | FreeBSD : mysql -- Remote Root Code Execution (856b88bf-7984-11e6-81e7-d050996490d0) | Nessus | FreeBSD Local Security Checks | critical
93486 | Debian DSA-3666-1 : mysql-5.5 - security update | Nessus | Debian Local Security Checks | critical
93484 | Slackware 14.0 / 14.1 / 14.2 / current : mariadb / mysql (SSA:2016-257-01) | Nessus | Slackware Local Security Checks | critical
93380 | MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities | Nessus | Databases | critical
93379 | MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities | Nessus | Databases | critical
93378 | MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities | Nessus | Databases | critical
93377 | MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities | Nessus | Databases | critical
93376 | MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities | Nessus | Databases | critical
93375 | MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities | Nessus | Databases | critical
9546 | MariaDB Server 10.1.x < 10.1.17 Multiple DoS | Nessus Network Monitor | Database | high
9544 | MariaDB Server 10.0.x < 10.0.27 Multiple DoS | Nessus Network Monitor | Database | high