Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
http://rhn.redhat.com/errata/RHSA-2016-2058.html
http://rhn.redhat.com/errata/RHSA-2016-2059.html
http://rhn.redhat.com/errata/RHSA-2016-2060.html
http://rhn.redhat.com/errata/RHSA-2016-2061.html
http://rhn.redhat.com/errata/RHSA-2016-2062.html
http://rhn.redhat.com/errata/RHSA-2016-2077.html
http://rhn.redhat.com/errata/RHSA-2016-2130.html
http://rhn.redhat.com/errata/RHSA-2016-2131.html
http://rhn.redhat.com/errata/RHSA-2016-2595.html
http://rhn.redhat.com/errata/RHSA-2016-2749.html
http://rhn.redhat.com/errata/RHSA-2016-2927.html
http://rhn.redhat.com/errata/RHSA-2016-2928.html
http://rhn.redhat.com/errata/RHSA-2017-0184.html
http://seclists.org/fulldisclosure/2016/Sep/23
http://www.debian.org/security/2016/dsa-3666
http://www.openwall.com/lists/oss-security/2016/09/12/3
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/92912
http://www.securitytracker.com/id/1036769
https://jira.mariadb.org/browse/MDEV-10465
https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/
https://security.gentoo.org/glsa/201701-01
https://www.exploit-db.com/exploits/40360/
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/
Source: MITRE
Published: 2016-09-20
Updated: 2019-06-03
Type: CWE-264
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.52 (inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.33 (inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.15 (inclusive)
OR
cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
OR
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
OR
OR
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
125006 | EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1553) | Nessus | Huawei Local Security Checks | critical |
101415 | Virtuozzo 6 : mysql / mysql-bench / mysql-devel / mysql-embedded / etc (VZLSA-2017-0184) | Nessus | Virtuozzo Local Security Checks | critical |
99824 | EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062) | Nessus | Huawei Local Security Checks | critical |
97329 | Amazon Linux AMI : mysql51 (ALAS-2017-800) | Nessus | Amazon Linux Local Security Checks | critical |
96812 | CentOS 6 : mysql (CESA-2017:0184) | Nessus | CentOS Local Security Checks | critical |
96790 | OracleVM 3.3 / 3.4 : mysql (OVMSA-2017-0035) | Nessus | OracleVM Local Security Checks | critical |
96758 | Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20170124) | Nessus | Scientific Linux Local Security Checks | critical |
96756 | RHEL 6 : mysql (RHSA-2017:0184) | Nessus | Red Hat Local Security Checks | critical |
96753 | Oracle Linux 6 : mysql (ELSA-2017-0184) | Nessus | Oracle Linux Local Security Checks | critical |
96232 | GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
95847 | Scientific Linux Security Update : mariadb on SL7.x x86_64 (20161103) | Nessus | Scientific Linux Local Security Checks | critical |
95341 | CentOS 7 : mariadb (CESA-2016:2595) | Nessus | CentOS Local Security Checks | critical |
94757 | SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2780-1) | Nessus | SuSE Local Security Checks | critical |
94756 | openSUSE Security Update : mysql-community-server (openSUSE-2016-1289) | Nessus | SuSE Local Security Checks | critical |
94715 | Oracle Linux 7 : mariadb (ELSA-2016-2595) | Nessus | Oracle Linux Local Security Checks | critical |
94694 | openSUSE Security Update : mysql-community-server (openSUSE-2016-1283) | Nessus | SuSE Local Security Checks | critical |
94649 | openSUSE Security Update : mariadb (openSUSE-2016-1274) | Nessus | SuSE Local Security Checks | critical |
9749 | Oracle MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities | Nessus Network Monitor | Database | critical |
9748 | Oracle MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities | Nessus Network Monitor | Database | critical |
9747 | Oracle MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities | Nessus Network Monitor | Database | critical |
94558 | RHEL 7 : mariadb (RHSA-2016:2595) | Nessus | Red Hat Local Security Checks | critical |
94198 | MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
94197 | MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
94196 | MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) | Nessus | Databases | critical |
94167 | MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
94166 | MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
94165 | MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) | Nessus | Databases | critical |
94022 | Amazon Linux AMI : mysql55 / mysql56 (ALAS-2016-756) | Nessus | Amazon Linux Local Security Checks | critical |
9655 | MariaDB Server 5.5.x < 5.5.51 Multiple Vulnerabilities | Nessus Network Monitor | Database | high |
93881 | Fedora 23 : 1:mariadb (2016-58f90ae3cc) | Nessus | Fedora Local Security Checks | critical |
93854 | openSUSE Security Update : mariadb (openSUSE-2016-1154) | Nessus | SuSE Local Security Checks | critical |
93771 | SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:2404-1) | Nessus | SuSE Local Security Checks | critical |
93766 | SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2395-1) | Nessus | SuSE Local Security Checks | critical |
93724 | Fedora 24 : community-mysql (2016-0901301dff) | Nessus | Fedora Local Security Checks | critical |
93615 | SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2343-1) | Nessus | SuSE Local Security Checks | critical |
93611 | MariaDB 5.5.x < 5.5.51 Multiple Vulnerabilities | Nessus | Databases | critical |
93610 | MariaDB 10.1.x < 10.1.17 Multiple Vulnerabilities | Nessus | Databases | critical |
93609 | MariaDB 10.0.x < 10.0.27 Multiple Vulnerabilities | Nessus | Databases | critical |
93582 | FreeBSD : Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662 (b64a7389-7c27-11e6-8aaa-5404a68ad561) | Nessus | FreeBSD Local Security Checks | critical |
93564 | Debian DLA-624-1 : mysql-5.5 security update | Nessus | Debian Local Security Checks | critical |
93510 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : mysql-5.5, mysql-5.7 vulnerability (USN-3078-1) | Nessus | Ubuntu Local Security Checks | critical |
93496 | FreeBSD : mysql -- Remote Root Code Execution (856b88bf-7984-11e6-81e7-d050996490d0) | Nessus | FreeBSD Local Security Checks | critical |
93486 | Debian DSA-3666-1 : mysql-5.5 - security update | Nessus | Debian Local Security Checks | critical |
93484 | Slackware 14.0 / 14.1 / 14.2 / current : mariadb / mysql (SSA:2016-257-01) | Nessus | Slackware Local Security Checks | critical |
93380 | MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities | Nessus | Databases | critical |
93379 | MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities | Nessus | Databases | critical |
93378 | MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities | Nessus | Databases | critical |
93377 | MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities | Nessus | Databases | critical |
93376 | MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities | Nessus | Databases | critical |
93375 | MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities | Nessus | Databases | critical |
9546 | MariaDB Server 10.1.x < 10.1.17 Multiple DoS | Nessus Network Monitor | Database | high |
9544 | MariaDB Server 10.0.x < 10.0.27 Multiple DoS | Nessus Network Monitor | Database | high |