Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6662 — Incorrect Permission Assignment in Mariadb

CWE-264 CWE-732 — Incorrect Permission Assignment18 documents11 sources

Severity

9.8CRITICALNVD

EPSS

89.6%

top 0.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mariadb Percona Server Oracle Mysql +9 more

Timeline

PublishedSep 20

Latest updateMay 13

Description

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the af…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDoracle/mysql5.5.0 — 5.5.52+2

▶NVDpercona/percona_server5.5 — 5.5.51-38.1+2

▶NVDmariadb/mariadb5.5.20 — 5.5.51+2

▶Alpinemariadb/mariadb< 5.5.51-r0+1

▶NVDredhat/enterprise_linux_server6.0

Also affects: Debian Linux 8.0, Enterprise Linux 7.0, 7.3, 7.4, 7.6, 7.5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-76m2-pqh7-www3: Oracle MySQL through 5↗2022-05-13

▶

CVEList

CVE-2016-6662: Oracle MySQL through 5↗2016-09-20

▶

OSV

CVE-2016-6662: Oracle MySQL through 5↗2016-09-20

▶

VulnCheck

MySQL, MariaDB, Percona malloc_lib Remote Root Code Execution↗2016

▶

💥Exploits & PoCs

Exploit-DB

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation↗2016-09-12

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible MySQL CVE-2016-6662 Attempt↗2016-09-13

▶

Suricata

ET EXPLOIT Possible MySQL cnf overwrite CVE-2016-6662 Attempt↗2016-09-13

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerability↗2016-09-13

▶

Red Hat

mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)↗2016-09-12

▶

📐Framework References

ATT&CK

Exploit Public-Facing Application↗

▶

💬Community

Bugzilla

CVE-2017-3291 mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)↗2017-01-18

▶

Bugzilla

CVE-2017-3312 mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)↗2017-01-17

▶

Bugzilla

CVE-2016-5616 CVE-2016-6663 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)↗2016-09-23

▶

Bugzilla

CVE-2016-6662 mariadb: mysql: Privilege escalation by abusing MySQL logging functions [fedora-all]↗2016-09-12

▶

Bugzilla

CVE-2016-6662 mariadb-galera: mysql: Privilege escalation by abusing MySQL logging functions [fedora-all]↗2016-09-12

▶