A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user (CVE-2016-6663). This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section (CVE-2016-3492, CVE-2016-5584, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-7440, CVE-2016-8283).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchmariadb< 10.0.28-1mariadb-10.0.28-1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	mariadb	< 10.0.28-1	mariadb-10.0.28-1.mga5

References

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

bugs.mageia.org/show_bug.cgi?id=19693

mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

rhn.redhat.com/errata/RHSA-2016-2595.html

suse 7

nessus 53

openvas 28

debian 5

slackware 1

altlinux 1

redhat 7

ibm 3

oraclelinux 2

centos 2

freebsd 2

ubuntu 1

redhatcve 8

ubuntucve 8

cve 9

mariadbunix 9

prion 9

zdt 1

fedora 2

amazon 1

exploitpack 3

veracode 7

f5 10

threatpost 2

packetstorm 3

seebug 3

debiancve 1

exploitdb 3

archlinux 1

thn 2

myhack58 2

gentoo 1

checkpoint_advisories 1

rosalinux 1

suse

Security update for mariadb (important)

2016-12-06 16:11:11

Security update for mariadb (important)

2016-11-28 20:07:13

2016-11-28 20:09:17

nessus

Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03)

2016-11-01 00:00:00

openSUSE Security Update : mariadb (openSUSE-2016-1416)

2016-12-07 00:00:00

SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)

2016-11-29 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2016:2933-1)

2021-04-19 00:00:00

Debian Security Advisory DSA 3711-1 (mariadb-10.0 - security update)

2016-11-11 00:00:00

openSUSE: Security Advisory for mariadb (openSUSE-SU-2016:3025-1)

2017-02-22 00:00:00

debian

[SECURITY] [DSA 3711-1] mariadb-10.0 security update

2016-11-11 21:02:15

[SECURITY] [DSA 3711-1] mariadb-10.0 security update

2016-11-11 21:02:15

[SECURITY] [DLA 708-1] mysql-5.5 security update

2016-11-16 10:19:21

slackware

[slackware-security] mariadb

2016-11-01 03:40:41

altlinux

Security fix for the ALT Linux 8 package mariadb version 10.1.18-alt1

2016-10-25 00:00:00

redhat

(RHSA-2016:2595) Important: mariadb security and bug fix update

2016-11-03 06:07:15

(RHSA-2016:2131) Important: mariadb55-mariadb security update

2016-10-31 22:00:47

(RHSA-2016:2130) Important: mysql55-mysql security update

2016-10-31 19:33:48

ibm

Security Bulletin: Vulnerabilities in mariadb affect PowerKVM

2018-06-18 01:34:53

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source MySQL MySQL Vulnerabilities (CVE-2016-6663)

2018-06-16 21:48:33

Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance

2020-07-19 00:49:12

oraclelinux

mariadb security and bug fix update

2016-11-09 00:00:00

mysql security update

2017-01-24 00:00:00

centos

mariadb security update

2016-11-25 16:00:08

mysql security update

2017-01-26 22:35:43

freebsd

MySQL -- multiple vulnerabilities

2016-09-13 00:00:00

MySQL -- multiple vulnerabilities

2016-10-17 00:00:00

ubuntu

MySQL vulnerabilities

2016-10-25 00:00:00

redhatcve

CVE-2016-6663

2016-12-15 20:18:51

CVE-2016-5624

2016-12-15 20:18:20

CVE-2016-7440

2016-10-19 09:47:38

ubuntucve

CVE-2016-6663

2016-12-13 00:00:00

CVE-2016-5626

2016-10-25 00:00:00

CVE-2016-5629

2016-10-25 00:00:00

cve

CVE-2016-5616

2016-10-25 14:31:00

CVE-2016-5629

2016-10-25 14:31:00

CVE-2016-5626

2016-10-25 14:31:00

mariadbunix

CVE-2016-5616

2016-10-25 14:31:00

CVE-2016-5626

2016-10-25 14:31:00

CVE-2016-5629

2016-10-25 14:31:00

prion

Design/Logic Flaw

2016-10-25 14:31:00

Design/Logic Flaw

2016-10-25 14:31:00

Design/Logic Flaw

2016-10-25 14:31:00

zdt

MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition

2016-11-02 00:00:00

fedora

[SECURITY] Fedora 24 Update: community-mysql-5.7.17-1.fc24

2016-12-27 22:49:07

[SECURITY] Fedora 25 Update: community-mysql-5.7.17-1.fc25

2016-12-27 15:52:21

amazon

Important: mysql51

2017-02-22 18:00:00

exploitpack

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - mysql System User Privilege Escalation Race Condition

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - root System User Privilege Escalation

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.515.6.325.7.14 - Code Execution Privilege Escalation

2016-09-12 00:00:00

veracode

Denial Of Service (DoS)

2019-05-02 05:51:01

Denial Of Service (DoS)

2019-05-02 05:51:01

Privilege Escalation

2019-05-02 05:51:01

K11091514 : MySQL vulnerability CVE-2016-5626

2016-11-21 00:00:00

SOL24311131 - MySQL vulnerability CVE-2016-3492

2016-11-21 00:00:00

K24311131 : MySQL vulnerability CVE-2016-3492

2016-11-21 00:00:00

threatpost

Critical MySQL Vulnerabilities Can Lead to Server Compromise

2016-11-02 14:02:10

Critical MySQL Vulnerability Disclosed

2016-09-12 11:00:58

packetstorm

MySQL / MariaDB / PerconaDB Root Privilege Escalation

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition

2016-11-02 00:00:00

MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution

2016-09-12 00:00:00

seebug

MySQL / MariaDB / PerconaDB elevation of privilege vulnerability, CVE-2016-6664）

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞（CVE-2016-6663）

2016-11-02 00:00:00

MySQL <= 5.7.15 remote Root code execution vulnerability

2016-09-13 00:00:00

debiancve

CVE-2016-7440

2016-12-13 16:59:00

exploitdb

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

2016-09-12 00:00:00

archlinux

mariadb: multiple issues

2016-09-14 00:00:00

thn

New MySQL Zero Days — Hacking Website Databases

2016-09-12 06:14:00

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

2016-11-02 21:16:00

myhack58

Linux application permissions incorrectly can provide the right series vulnerability analysis-vulnerability warning-the black bar safety net

2016-11-29 00:00:00

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

2016-11-05 00:00:00

gentoo

MariaDB and MySQL: Multiple vulnerabilities

2017-01-01 00:00:00

checkpoint_advisories

MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)

2016-09-20 00:00:00

rosalinux

Advisory ROSA-SA-2021-1914

2021-07-02 17:27:51

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for MGASA-2016-0371