CVE-2016-6662

CVSS v3.0 9.8 (Critical)
CVSS v2.0 10 (High)
EPSS 0.93% (83rd)
Affected Products 12
Advisories 19

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Weaknesses: CWE-264 (Permissions, Privileges, and Access Controls)
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2016-09-20 18:59:00 (8 years ago)
Updated Date: 2021-08-04 17:15:35 (3 years ago)

Affected Products


Configuration #1

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Oracle MySQL | cpe:2.3:a:oracle:mysql | >= 5.5.0 | <= 5.5.52 |
| Oracle MySQL | cpe:2.3:a:oracle:mysql | >= 5.6.0 | <= 5.6.33 |
| Oracle MySQL | cpe:2.3:a:oracle:mysql | >= 5.7.0 | <= 5.7.15 |

Configuration #2

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Percona Server | cpe:2.3:a:percona:percona_server | >= 5.5 | < 5.5.51-38.1 |
| Percona Server | cpe:2.3:a:percona:percona_server | >= 5.6 | < 5.6.32-78.0 |
| Percona Server | cpe:2.3:a:percona:percona_server | >= 5.7 | < 5.7.14-7 |

Configuration #3

| Product | CPE23 | From | Up To |
|---|---|---|---|
| MariaDB | cpe:2.3:a:mariadb:mariadb | >= 5.5.20 | < 5.5.51 |
| MariaDB | cpe:2.3:a:mariadb:mariadb | >= 10.0.0 | < 10.0.27 |
| MariaDB | cpe:2.3:a:mariadb:mariadb | >= 10.1.0 | < 10.1.17 |

Configuration #4

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Debian Linux 8.0 | cpe:2.3:o:debian:debian_linux:8.0 | | |

Configuration #5

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Redhat Openstack 5.0 | cpe:2.3:a:redhat:openstack:5.0 | | |
| Redhat Openstack 6.0 | cpe:2.3:a:redhat:openstack:6.0 | | |
| Redhat Openstack 7.0 | cpe:2.3:a:redhat:openstack:7.0 | | |
| Redhat Openstack 8 | cpe:2.3:a:redhat:openstack:8 | | |
| Redhat Openstack 9 | cpe:2.3:a:redhat:openstack:9 | | |
| Redhat Enterprise Linux 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0 | | |
| Redhat Enterprise Linux Desktop 6.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0 | | |
| Redhat Enterprise Linux Desktop 7.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0 | | |
| Redhat Enterprise Linux Server 6.0 | cpe:2.3:o:redhat:enterprise_linux_server:6.0 | | |
| Redhat Enterprise Linux Server Aus 7.3 | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3 | | |
| Redhat Enterprise Linux Server Aus 7.4 | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4 | | |
| Redhat Enterprise Linux Server Aus 7.6 | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6 | | |
| Redhat Enterprise Linux Server Eus 7.3 | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3 | | |
| Redhat Enterprise Linux Server Eus 7.4 | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4 | | |
| Redhat Enterprise Linux Server Eus 7.5 | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5 | | |
| Redhat Enterprise Linux Server Eus 7.6 | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6 | | |
| Redhat Enterprise Linux Server Tus 7.3 | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3 | | |
| Redhat Enterprise Linux Server Tus 7.6 | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6 | | |
| Redhat Enterprise Linux Workstation 6.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:6.0 | | |
| Redhat Enterprise Linux Workstation 7.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0 | | |