mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)

🗓️ 13 Oct 2016 19:35:31Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

MySQL general_log can write to configuration files, enabling root privilege escalation.

Reporter	Title	Published	Views	Family All 368
IBM Security Bulletins	Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)	8 Dec 201804:55	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in mariadb affect PowerKVM	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (CVE-2016-6662)	16 Jun 201821:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance	19 Jul 202000:49	–	ibm
0day.today	MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation	12 Sep 201600:00	–	zdt
0day.today	MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition	2 Nov 201600:00	–	zdt
0day.today	MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation Vulnerability	2 Nov 201600:00	–	zdt
RedHat Linux	CVE-2016-6662	13 Mar 201813:45	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: mariadb-galera security update	13 Oct 201619:35	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: mariadb-galera security and bug fix update	13 Oct 201614:13	–	redhat

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	x86_64	mariadb-galera-common	0:5.5.42-1.1.el6ost	mariadb-galera-common-0:5.5.42-1.1.el6ost.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	mariadb-galera-debuginfo	0:5.5.42-1.1.el6ost	mariadb-galera-debuginfo-0:5.5.42-1.1.el6ost.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	mariadb-galera-server	0:5.5.42-1.1.el6ost	mariadb-galera-server-0:5.5.42-1.1.el6ost.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-6662
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
legalhackers	www.legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-6662
cve	www.cve.org/CVERecord

21 Nov 2025 17:57Current

7.5High risk

Vulners AI Score7.5

CVSS 39.8

CVSS 210

EPSS0.6773

mysql general log configuration files privilege escalation root access