National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2016-6662 Detail

Description

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Source:  MITRE      Last Modified:  02/10/2017

Quick Info

CVE Dictionary Entry:
CVE-2016-6662
Original release date:
09/20/2016
Last revised:
01/04/2018
Source:
US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score:
8.8 High
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (legend)
Impact Score:
5.9
Exploitability Score:
2.8
CVSS Version 3 Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
CVSS Severity (version 2.0):
CVSS v2 Base Score:
10.0 HIGH
Vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore:
10.0
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html Third Party Advisory External Source MISC http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
http://rhn.redhat.com/errata/RHSA-2016-2058.html External Source REDHAT RHSA-2016:2058
http://rhn.redhat.com/errata/RHSA-2016-2059.html External Source REDHAT RHSA-2016:2059
http://rhn.redhat.com/errata/RHSA-2016-2060.html External Source REDHAT RHSA-2016:2060
http://rhn.redhat.com/errata/RHSA-2016-2061.html External Source REDHAT RHSA-2016:2061
http://rhn.redhat.com/errata/RHSA-2016-2062.html External Source REDHAT RHSA-2016:2062
http://rhn.redhat.com/errata/RHSA-2016-2077.html External Source REDHAT RHSA-2016:2077
http://rhn.redhat.com/errata/RHSA-2016-2130.html External Source REDHAT RHSA-2016:2130
http://rhn.redhat.com/errata/RHSA-2016-2131.html External Source REDHAT RHSA-2016:2131
http://rhn.redhat.com/errata/RHSA-2016-2595.html External Source REDHAT RHSA-2016:2595
http://rhn.redhat.com/errata/RHSA-2016-2749.html External Source REDHAT RHSA-2016:2749
http://rhn.redhat.com/errata/RHSA-2016-2927.html External Source REDHAT RHSA-2016:2927
http://rhn.redhat.com/errata/RHSA-2016-2928.html External Source REDHAT RHSA-2016:2928
http://rhn.redhat.com/errata/RHSA-2017-0184.html External Source REDHAT RHSA-2017:0184
http://seclists.org/fulldisclosure/2016/Sep/23 Mailing List; Third Party Advisory External Source FULLDISC 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )
http://www.debian.org/security/2016/dsa-3666 External Source DEBIAN DSA-3666
http://www.openwall.com/lists/oss-security/2016/09/12/3 Mailing List; Third Party Advisory External Source MLIST [oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Vendor Advisory External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/92912 Third Party Advisory; VDB Entry External Source BID 92912
http://www.securitytracker.com/id/1036769 External Source SECTRACK 1036769
https://jira.mariadb.org/browse/MDEV-10465 Issue Tracking External Source CONFIRM https://jira.mariadb.org/browse/MDEV-10465
https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ Release Notes; Vendor Advisory External Source CONFIRM https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ Release Notes; Vendor Advisory External Source CONFIRM https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ Release Notes; Vendor Advisory External Source CONFIRM https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/
https://security.gentoo.org/glsa/201701-01 External Source GENTOO GLSA-201701-01
https://www.exploit-db.com/exploits/40360/ Exploit; Third Party Advisory; VDB Entry External Source EXPLOIT-DB 40360
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ Third Party Advisory External Source CONFIRM https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/

Technical Details

Vulnerability Type (View All)

  • Permissions, Privileges, and Access Control (CWE-264)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*    versions up to (including) 5.5.52
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*    versions up to (including) 5.6.33
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*    versions up to (including) 5.7.15
Configuration 2
OR
cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*    versions up to (including) 5.5.50-38.0
cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*    versions up to (including) 5.6.31-77.0
cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*    versions up to (including) 5.7.13-6
Configuration 3
OR
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*    versions up to (including) 5.5.50
cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.22:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.23:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.24:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.25:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.26:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.1.16:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 13 change records found - show changes