CVE-2016-6662

critical-risk

Published 2016-09-20

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Do I need to act?

89.6% chance of exploitation in next 30 days

EPSS score — higher than 10% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40360

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Mysql

Mariadb

Debian Linux

Openstack

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Percona Server

Openstack

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Server Aus

Affected Vendors

Percona Redhat Mariadb Oracle Debian

References (54)

Third Party Advisory http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Priv...

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2058.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2059.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2060.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2061.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2062.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2077.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2130.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2131.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2595.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2749.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2927.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2928.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0184.html

Mailing List http://seclists.org/fulldisclosure/2016/Sep/23

Third Party Advisory http://www.debian.org/security/2016/dsa-3666

Mailing List http://www.openwall.com/lists/oss-security/2016/09/12/3

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Third Party Advisory http://www.securityfocus.com/bid/92912

Third Party Advisory http://www.securitytracker.com/id/1036769

and 34 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 20/34 · Moderate

Exposure 21/34 · High