CVE - CVE-2016-6664

CVE-ID
CVE-2016-6664	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) URL:http://www.securityfocus.com/archive/1/539695/100/0/threaded EXPLOIT-DB:40679 URL:https://www.exploit-db.com/exploits/40679/ FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] URL:http://seclists.org/fulldisclosure/2016/Nov/4 MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html DEBIAN:DSA-3770 URL:http://www.debian.org/security/2017/dsa-3770 GENTOO:GLSA-201702-18 URL:https://security.gentoo.org/glsa/201702-18 REDHAT:RHSA-2016:2130 URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html REDHAT:RHSA-2016:2749 URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html REDHAT:RHSA-2017:2192 URL:https://access.redhat.com/errata/RHSA-2017:2192 REDHAT:RHSA-2018:0279 URL:https://access.redhat.com/errata/RHSA-2018:0279 REDHAT:RHSA-2018:0574 URL:https://access.redhat.com/errata/RHSA-2018:0574 BID:93612 URL:http://www.securityfocus.com/bid/93612
Assigning CNA
N/A
Date Entry Created
20160810	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160810)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org