CVE-2016-6663
moderate-risk
Published 2016-12-13
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Do I need to act?
3.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.0/10 · High · LOCAL / HIGH complexity
Affected Products (5)
References (48)
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2016-2130.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2016-2131.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2016-2595.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2016-2749.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2016-2927.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2016-2928.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2017-0184.html
Mailing List: http://seclists.org/fulldisclosure/2016/Nov/4
Third Party Advisory: http://www.securityfocus.com/bid/92911
Third Party Advisory: http://www.securityfocus.com/bid/93614
and 28 more references
36 / 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
6/34 · Minimal
Exposure
12/34 · Low