RCE Bugs discovered in MySQL and its variants like MariaDB.
It works by manipulating my.cnf files and using --malloc-lib.
The bug seems fixed in MySQL 5.7.15 by Oracle

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmysql57-client< 5.7.15UNKNOWN
FreeBSDanynoarchmysql57-server< 5.7.15UNKNOWN
FreeBSDanynoarchmysql56-client< 5.6.33UNKNOWN
FreeBSDanynoarchmysql56-server< 5.6.33UNKNOWN
FreeBSDanynoarchmysql55-client< 5.5.52UNKNOWN
FreeBSDanynoarchmysql55-server< 5.5.52UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mysql57-client	< 5.7.15	UNKNOWN
FreeBSD	any	noarch	mysql57-server	< 5.7.15	UNKNOWN
FreeBSD	any	noarch	mysql56-client	< 5.6.33	UNKNOWN
FreeBSD	any	noarch	mysql56-server	< 5.6.33	UNKNOWN
FreeBSD	any	noarch	mysql55-client	< 5.5.52	UNKNOWN
FreeBSD	any	noarch	mysql55-server	< 5.5.52	UNKNOWN

References

legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

f5 2

suse 8

nessus 50

redhat 13

osv 4

veracode 1

debian 3

prion 1

slackware 1

openvas 28

mariadbunix 1

fedora 2

cve 1

zdt 1

ubuntu 1

alpinelinux 1

cloudfoundry 1

ibm 4

ubuntucve 1

redhatcve 1

amazon 2

freebsd 2

archlinux 1

thn 3

threatpost 2

exploitpack 3

exploitdb 3

seebug 3

packetstorm 3

checkpoint_advisories 1

oraclelinux 3

centos 2

gentoo 1

oracle 1

SOL72255110 - MySQL vulnerability CVE-2016-6662

2016-09-26 00:00:00

K72255110 : MySQL vulnerability CVE-2016-6662

2016-09-26 00:00:00

suse

Security update for mariadb (important)

2016-09-27 21:12:05

Security update for mariadb (important)

2016-09-27 19:14:25

Security update for mariadb (important)

2016-10-04 17:09:01

nessus

SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2395-1)

2016-09-28 00:00:00

Fedora 23 : 1:mariadb (2016-58f90ae3cc)

2016-10-06 00:00:00

Ubuntu 14.04 LTS / 16.04 LTS : MySQL vulnerability (USN-3078-1)

2016-09-15 00:00:00

redhat

(RHSA-2016:2060) Important: mariadb-galera security and bug fix update

2016-10-13 05:07:39

(RHSA-2016:2058) Important: mariadb-galera security update

2016-10-13 05:07:34

(RHSA-2016:2061) Important: mariadb-galera security and bug fix update

2016-10-13 05:07:42

osv

mysql-5.5 - security update

2016-09-16 00:00:00

CVE-2020-10996

2020-04-27 13:15:12

CVE-2020-15180

2021-05-27 20:15:07

veracode

Arbitrary Code Execution

2019-01-15 09:13:35

debian

[SECURITY] [DLA 624-1] mysql-5.5 security update

2016-09-16 15:37:59

[SECURITY] [DSA 3666-1] mysql-5.5 security update

2016-09-14 15:13:34

[SECURITY] [DSA 3666-1] mysql-5.5 security update

2016-09-14 15:13:34

prion

Design/Logic Flaw

2016-09-20 18:59:00

slackware

[slackware-security] mariadb / mysql

2016-09-13 20:15:07

openvas

Slackware: Security Advisory (SSA:2016-257-01)

2022-04-21 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:2395-1)

2021-04-19 00:00:00

MariaDB 'my.conf' Security Bypass Vulnerability - Linux

2016-09-26 00:00:00

mariadbunix

CVE-2016-6662

2016-09-20 18:59:00

fedora

[SECURITY] Fedora 24 Update: community-mysql-5.7.15-1.fc24

2016-09-27 03:57:17

[SECURITY] Fedora 23 Update: mariadb-10.0.27-1.fc23

2016-10-03 20:22:41

cve

CVE-2016-6662

2016-09-20 18:59:00

zdt

MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation

2016-09-12 00:00:00

ubuntu

MySQL vulnerability

2016-09-13 00:00:00

alpinelinux

CVE-2016-6662

2016-09-20 18:59:00

cloudfoundry

CVE-2016-6662 - Multiple MySQL Vulnerabilities | Cloud Foundry

2016-09-28 00:00:00

ibm

Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (CVE-2016-6662)

2018-06-16 21:47:55

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

2018-12-08 04:55:34

Security Bulletin: Vulnerabilities in mariadb affect PowerKVM

2018-06-18 01:34:53

ubuntucve

CVE-2016-6662

2016-09-12 00:00:00

redhatcve

CVE-2016-6662

2016-12-15 20:18:44

amazon

Important: mysql55, mysql56

2016-10-12 17:00:00

Important: mysql51

2017-02-22 18:00:00

freebsd

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

2016-09-12 00:00:00

mysql -- Remote Root Code Execution

2016-09-12 00:00:00

archlinux

mariadb: multiple issues

2016-09-14 00:00:00

thn

Why Database Patching Best Practice Just Doesn't Work and How to Fix It

2021-10-18 16:00:00

New MySQL Zero Days — Hacking Website Databases

2016-09-12 06:14:00

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

2016-11-02 21:16:00

threatpost

Critical MySQL Vulnerability Disclosed

2016-09-12 11:00:58

Critical MySQL Vulnerabilities Can Lead to Server Compromise

2016-11-02 14:02:10

exploitpack

MySQL MariaDB PerconaDB 5.5.515.6.325.7.14 - Code Execution Privilege Escalation

2016-09-12 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - mysql System User Privilege Escalation Race Condition

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - root System User Privilege Escalation

2016-11-01 00:00:00

exploitdb

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

2016-09-12 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation

2016-11-01 00:00:00

seebug

MySQL <= 5.7.15 remote Root code execution vulnerability

2016-09-13 00:00:00

MySQL / MariaDB / PerconaDB elevation of privilege vulnerability, CVE-2016-6664）

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞（CVE-2016-6663）

2016-11-02 00:00:00

packetstorm

MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution

2016-09-12 00:00:00

MySQL / MariaDB / PerconaDB Root Privilege Escalation

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition

2016-11-02 00:00:00

checkpoint_advisories

MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)

2016-09-20 00:00:00

oraclelinux

mysql security update

2017-01-24 00:00:00

mariadb security and bug fix update

2016-11-09 00:00:00

mariadb security and bug fix update

2017-08-07 00:00:00

centos

mysql security update

2017-01-26 22:35:43

mariadb security update

2016-11-25 16:00:08

gentoo

MariaDB and MySQL: Multiple vulnerabilities

2017-01-01 00:00:00

oracle

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.8%

JSON

Related for DC596A17-7A9E-11E6-B034-F0DEF167EEEA