Executive Summary

Informations
NameCVE-2016-6662First vendor Publication2016-09-20
VendorCveLast vendor Modification2019-06-03

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6662

CWE : Common Weakness Enumeration

%idName
100 %CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application64
Application107
Application97
Application5
Os1
Os1
Os2
Os1
Os3
Os4
Os2
Os2

Snort® IPS/IDS

DateDescription
2016-10-25Multiple SQL products privilege escalation attempt
RuleID : 40254 - Revision : 2 - Type : SERVER-MYSQL
2016-10-25Multiple SQL products privilege escalation attempt
RuleID : 40253 - Revision : 2 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

DateDescription
2017-07-13Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZLSA-2017-0184.nasl - Type : ACT_GATHER_INFO
2017-05-01Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2016-1062.nasl - Type : ACT_GATHER_INFO
2017-02-23Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-800.nasl - Type : ACT_GATHER_INFO
2017-01-27Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-0184.nasl - Type : ACT_GATHER_INFO
2017-01-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2017-0035.nasl - Type : ACT_GATHER_INFO
2017-01-25Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-0184.nasl - Type : ACT_GATHER_INFO
2017-01-25Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0184.nasl - Type : ACT_GATHER_INFO
2017-01-25Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170124_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-01-03Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-01.nasl - Type : ACT_GATHER_INFO
2016-12-15Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20161103_mariadb_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-11-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-2595.nasl - Type : ACT_GATHER_INFO
2016-11-25Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_dc596a177a9e11e6b034f0def167eeea.nasl - Type : ACT_GATHER_INFO
2016-11-14Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1289.nasl - Type : ACT_GATHER_INFO
2016-11-14Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2780-1.nasl - Type : ACT_GATHER_INFO
2016-11-11Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1283.nasl - Type : ACT_GATHER_INFO
2016-11-11Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-2595.nasl - Type : ACT_GATHER_INFO
2016-11-09Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1274.nasl - Type : ACT_GATHER_INFO
2016-11-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2595.nasl - Type : ACT_GATHER_INFO
2016-10-21Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_53_rpm.nasl - Type : ACT_GATHER_INFO
2016-10-21Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_34_rpm.nasl - Type : ACT_GATHER_INFO
2016-10-21Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_7_16_rpm.nasl - Type : ACT_GATHER_INFO
2016-10-20Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_53.nasl - Type : ACT_GATHER_INFO
2016-10-20Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_34.nasl - Type : ACT_GATHER_INFO
2016-10-20Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_7_16.nasl - Type : ACT_GATHER_INFO
2016-10-13Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-756.nasl - Type : ACT_GATHER_INFO
2016-10-06Name : The remote Fedora host is missing a security update.
File : fedora_2016-58f90ae3cc.nasl - Type : ACT_GATHER_INFO
2016-10-05Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1154.nasl - Type : ACT_GATHER_INFO
2016-09-28Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2395-1.nasl - Type : ACT_GATHER_INFO
2016-09-28Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2404-1.nasl - Type : ACT_GATHER_INFO
2016-09-27Name : The remote Fedora host is missing a security update.
File : fedora_2016-0901301dff.nasl - Type : ACT_GATHER_INFO
2016-09-21Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2343-1.nasl - Type : ACT_GATHER_INFO
2016-09-20Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_10_0_27.nasl - Type : ACT_GATHER_INFO
2016-09-20Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_10_1_17.nasl - Type : ACT_GATHER_INFO
2016-09-20Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_5_51.nasl - Type : ACT_GATHER_INFO
2016-09-19Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_b64a73897c2711e68aaa5404a68ad561.nasl - Type : ACT_GATHER_INFO
2016-09-19Name : The remote Debian host is missing a security update.
File : debian_DLA-624.nasl - Type : ACT_GATHER_INFO
2016-09-15Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-257-01.nasl - Type : ACT_GATHER_INFO
2016-09-15Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3666.nasl - Type : ACT_GATHER_INFO
2016-09-15Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_856b88bf798411e681e7d050996490d0.nasl - Type : ACT_GATHER_INFO
2016-09-15Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3078-1.nasl - Type : ACT_GATHER_INFO
2016-09-08Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_52.nasl - Type : ACT_GATHER_INFO
2016-09-08Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_52_rpm.nasl - Type : ACT_GATHER_INFO
2016-09-08Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_33.nasl - Type : ACT_GATHER_INFO
2016-09-08Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_33_rpm.nasl - Type : ACT_GATHER_INFO
2016-09-08Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_7_15.nasl - Type : ACT_GATHER_INFO
2016-09-08Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_7_15_rpm.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/92912
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://jira.mariadb.org/browse/MDEV-10465
https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-20...
DEBIAN http://www.debian.org/security/2016/dsa-3666
EXPLOIT-DB https://www.exploit-db.com/exploits/40360/
FULLDISC http://seclists.org/fulldisclosure/2016/Sep/23
GENTOO https://security.gentoo.org/glsa/201701-01
MISC http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-P...
MLIST http://www.openwall.com/lists/oss-security/2016/09/12/3
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2058.html
http://rhn.redhat.com/errata/RHSA-2016-2059.html
http://rhn.redhat.com/errata/RHSA-2016-2060.html
http://rhn.redhat.com/errata/RHSA-2016-2061.html
http://rhn.redhat.com/errata/RHSA-2016-2062.html
http://rhn.redhat.com/errata/RHSA-2016-2077.html
http://rhn.redhat.com/errata/RHSA-2016-2130.html
http://rhn.redhat.com/errata/RHSA-2016-2131.html
http://rhn.redhat.com/errata/RHSA-2016-2595.html
http://rhn.redhat.com/errata/RHSA-2016-2749.html
http://rhn.redhat.com/errata/RHSA-2016-2927.html
http://rhn.redhat.com/errata/RHSA-2016-2928.html
http://rhn.redhat.com/errata/RHSA-2017-0184.html
SECTRACK http://www.securitytracker.com/id/1036769

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
DateInformations
2019-06-06 21:19:39
  • Multiple Updates
2019-06-03 21:19:18
  • Multiple Updates
2019-05-02 12:07:35
  • Multiple Updates
2019-04-30 12:06:49
  • Multiple Updates
2019-03-05 21:19:16
  • Multiple Updates
2019-01-21 12:05:16
  • Multiple Updates
2018-12-28 12:01:17
  • Multiple Updates
2018-12-21 12:07:26
  • Multiple Updates
2018-07-25 12:06:21
  • Multiple Updates
2018-04-26 12:02:10
  • Multiple Updates
2018-02-14 01:01:55
  • Multiple Updates
2018-01-20 12:07:01
  • Multiple Updates
2018-01-05 09:23:54
  • Multiple Updates
2017-10-25 12:03:26
  • Multiple Updates
2017-10-24 12:05:16
  • Multiple Updates
2017-08-22 12:03:14
  • Multiple Updates
2017-08-13 09:23:40
  • Multiple Updates
2017-07-14 13:24:51
  • Multiple Updates
2017-05-05 12:02:13
  • Multiple Updates
2017-05-03 01:06:40
  • Multiple Updates
2017-05-02 13:24:37
  • Multiple Updates
2017-04-26 12:01:46
  • Multiple Updates
2017-02-24 13:22:23
  • Multiple Updates
2017-02-16 21:24:26
  • Multiple Updates
2017-02-11 09:24:31
  • Multiple Updates
2017-02-01 12:03:03
  • Multiple Updates
2017-01-31 12:01:36
  • Multiple Updates
2017-01-28 13:25:42
  • Multiple Updates
2017-01-27 13:24:50
  • Multiple Updates
2017-01-26 13:24:35
  • Multiple Updates
2017-01-07 09:25:57
  • Multiple Updates
2017-01-04 13:23:10
  • Multiple Updates
2016-12-20 12:03:55
  • Multiple Updates
2016-12-16 13:24:42
  • Multiple Updates
2016-11-29 13:23:41
  • Multiple Updates
2016-11-15 13:25:42
  • Multiple Updates
2016-11-12 13:25:32
  • Multiple Updates
2016-11-10 13:24:18
  • Multiple Updates
2016-11-05 13:24:39
  • Multiple Updates
2016-11-02 00:29:41
  • Multiple Updates
2016-10-26 21:22:00
  • Multiple Updates
2016-10-26 09:22:47
  • Multiple Updates
2016-10-22 13:25:18
  • Multiple Updates
2016-10-22 12:04:02
  • Multiple Updates
2016-10-14 13:25:02
  • Multiple Updates
2016-10-07 13:23:41
  • Multiple Updates
2016-10-06 13:23:45
  • Multiple Updates
2016-10-04 21:25:28
  • Multiple Updates
2016-10-01 09:24:17
  • Multiple Updates
2016-09-29 13:25:19
  • Multiple Updates
2016-09-28 13:25:12
  • Multiple Updates
2016-09-22 13:25:07
  • Multiple Updates
2016-09-21 21:29:44
  • Multiple Updates
2016-09-21 13:25:39
  • Multiple Updates
2016-09-21 00:20:01
  • First insertion