A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user.

References

bugzilla.redhat.com/show_bug.cgi?id=1378936

legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.txt

ubuntucve 1

cve 2

mariadbunix 2

prion 2

zdt 1

nessus 37

openvas 19

amazon 1

oraclelinux 2

redhat 7

centos 2

exploitpack 3

threatpost 2

seebug 3

packetstorm 3

ibm 3

veracode 2

exploitdb 3

f5 3

altlinux 1

archlinux 1

thn 2

myhack58 2

suse 6

slackware 1

freebsd 1

debian 2

checkpoint_advisories 1

mageia 1

fedora 2

oracle 1

ubuntucve

CVE-2016-6663

2016-12-13 00:00:00

cve

CVE-2016-5616

2016-10-25 14:31:00

CVE-2016-6663

2016-12-13 21:59:00

mariadbunix

CVE-2016-5616

2016-10-25 14:31:00

CVE-2016-6663

2016-12-13 21:59:00

prion

Design/Logic Flaw

2016-10-25 14:31:00

Race condition

2016-12-13 21:59:00

zdt

MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition

2016-11-02 00:00:00

nessus

Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20170124)

2017-01-25 00:00:00

Amazon Linux AMI : mysql51 (ALAS-2017-800)

2017-02-23 00:00:00

RHEL 6 : mysql (RHSA-2017:0184)

2017-01-25 00:00:00

openvas

RedHat Update for mysql RHSA-2017:0184-01

2017-01-25 00:00:00

CentOS Update for mysql CESA-2017:0184 centos6

2017-01-27 00:00:00

Oracle MySQL Server <= 5.5.51 / 5.6 <= 5.6.32 / 5.7 <= 5.7.14 Security Update (cpuoct2016) - Linux

2016-10-19 00:00:00

amazon

Important: mysql51

2017-02-22 18:00:00

oraclelinux

mysql security update

2017-01-24 00:00:00

mariadb security and bug fix update

2016-11-09 00:00:00

redhat

(RHSA-2017:0184) Important: mysql security update

2017-01-24 10:49:30

(RHSA-2016:2595) Important: mariadb security and bug fix update

2016-11-03 06:07:15

(RHSA-2016:2131) Important: mariadb55-mariadb security update

2016-10-31 22:00:47

centos

mysql security update

2017-01-26 22:35:43

mariadb security update

2016-11-25 16:00:08

exploitpack

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - mysql System User Privilege Escalation Race Condition

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - root System User Privilege Escalation

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.515.6.325.7.14 - Code Execution Privilege Escalation

2016-09-12 00:00:00

threatpost

Critical MySQL Vulnerabilities Can Lead to Server Compromise

2016-11-02 14:02:10

Critical MySQL Vulnerability Disclosed

2016-09-12 11:00:58

seebug

MySQL / MariaDB / PerconaDB elevation of privilege vulnerability, CVE-2016-6664）

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞（CVE-2016-6663）

2016-11-02 00:00:00

MySQL <= 5.7.15 remote Root code execution vulnerability

2016-09-13 00:00:00

packetstorm

MySQL / MariaDB / PerconaDB Root Privilege Escalation

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition

2016-11-02 00:00:00

MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution

2016-09-12 00:00:00

ibm

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source MySQL MySQL Vulnerabilities (CVE-2016-6663)

2018-06-16 21:48:33

Security Bulletin: Vulnerabilities in mariadb affect PowerKVM

2018-06-18 01:34:53

Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance

2020-07-19 00:49:12

veracode

Privilege Escalation

2019-05-02 05:51:01

Privilege Escalation

2019-01-15 09:15:26

exploitdb

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

2016-09-12 00:00:00

K73828041 : MySQL vulnerability CVE-2016-6663

2017-02-03 00:00:00

SOL13201415 - MySQL vulnerability CVE-2016-5616

2016-11-21 00:00:00

K13201415 : MySQL vulnerability CVE-2016-5616

2016-11-21 00:00:00

altlinux

Security fix for the ALT Linux 8 package mariadb version 10.1.18-alt1

2016-10-25 00:00:00

archlinux

mariadb: multiple issues

2016-09-14 00:00:00

thn

New MySQL Zero Days — Hacking Website Databases

2016-09-12 06:14:00

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

2016-11-02 21:16:00

myhack58

Linux application permissions incorrectly can provide the right series vulnerability analysis-vulnerability warning-the black bar safety net

2016-11-29 00:00:00

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

2016-11-05 00:00:00

suse

Security update for mariadb (important)

2016-12-06 16:11:11

Security update for mariadb (important)

2016-11-28 20:07:13

2016-11-28 20:09:17

slackware

[slackware-security] mariadb

2016-11-01 03:40:41

freebsd

MySQL -- multiple vulnerabilities

2016-09-13 00:00:00

debian

[SECURITY] [DSA 3711-1] mariadb-10.0 security update

2016-11-11 21:02:15

[SECURITY] [DSA 3711-1] mariadb-10.0 security update

2016-11-11 21:02:15

checkpoint_advisories

MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)

2016-09-20 00:00:00

mageia

Updated mariadb packages fix security vulnerabilities

2016-11-10 00:43:03

fedora

[SECURITY] Fedora 24 Update: community-mysql-5.7.17-1.fc24

2016-12-27 22:49:07

[SECURITY] Fedora 25 Update: community-mysql-5.7.17-1.fc25

2016-12-27 15:52:21

oracle

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for RH:CVE-2016-6663