A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root.

References

bugzilla.redhat.com/show_bug.cgi?id=1386564

legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.txt

prion 2

nessus 29

cve 2

ubuntucve 1

zdt 1

threatpost 1

exploitpack 2

packetstorm 2

seebug 2

alpinelinux 1

veracode 2

ibm 2

f5 1

debiancve 1

osv 2

mariadbunix 1

cbl_mariner 1

exploitdb 2

redhatcve 1

myhack58 1

openvas 17

freebsd 1

checkpoint_advisories 1

thn 1

redhat 5

centos 1

oraclelinux 1

fedora 2

suse 6

gentoo 1

mageia 1

debian 2

slackware 1

oracle 1

prion

Design/Logic Flaw

2016-10-25 14:31:00

Design/Logic Flaw

2016-12-13 21:59:00

nessus

MariaDB Server 10.0.x < 10.0.28 Multiple Vulnerabilities

2016-11-04 00:00:00

FreeBSD : MySQL -- multiple vulnerabilities (22373c43-d728-11e6-a9a5-b499baebfeaf)

2017-01-16 00:00:00

EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)

2017-09-08 00:00:00

cve

CVE-2016-5617

2016-10-25 14:31:00

CVE-2016-6664

2016-12-13 21:59:00

ubuntucve

CVE-2016-6664

2016-12-13 00:00:00

zdt

MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation Vulnerability

2016-11-02 00:00:00

threatpost

Critical MySQL Vulnerabilities Can Lead to Server Compromise

2016-11-02 14:02:10

exploitpack

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - root System User Privilege Escalation

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - mysql System User Privilege Escalation Race Condition

2016-11-01 00:00:00

packetstorm

MySQL / MariaDB / PerconaDB Root Privilege Escalation

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition

2016-11-02 00:00:00

seebug

MySQL / MariaDB / PerconaDB elevation of privilege vulnerability, CVE-2016-6664）

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞（CVE-2016-6663）

2016-11-02 00:00:00

alpinelinux

CVE-2016-6664

2016-12-13 21:59:00

veracode

Privilege Escalation

2019-05-02 05:51:01

Privilege Escalation

2019-01-15 09:21:18

ibm

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by the Open Source Oracle MySQL Vulnerabilities (CVE-2016-6664)

2018-06-16 21:48:33

Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM

2018-06-18 01:38:06

K15605622 : MySQL vulnerability CVE-2016-6664

2022-01-07 00:00:00

debiancve

CVE-2016-6664

2016-12-13 21:59:00

osv

CVE-2016-6664

2016-12-13 21:59:00

mariadb-10.0 - security update

2017-01-22 00:00:00

mariadbunix

CVE-2016-6664

2016-12-13 21:59:00

cbl_mariner

CVE-2016-6664 affecting package mariadb 10.3.17-3

2021-05-06 23:57:26

exploitdb

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition

2016-11-01 00:00:00

redhatcve

CVE-2017-3312

2019-10-10 10:23:00

myhack58

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

2016-11-05 00:00:00

openvas

Oracle MySQL Server <= 5.5.51 / 5.6 <= 5.6.32 / 5.7 <= 5.7.14 Security Update (cpuoct2016) - Windows

2016-10-19 00:00:00

Oracle MySQL Server <= 5.5.51 / 5.6 <= 5.6.32 / 5.7 <= 5.7.14 Security Update (cpuoct2016) - Linux

2016-10-19 00:00:00

Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1169)

2020-01-23 00:00:00

freebsd

MySQL -- multiple vulnerabilities

2016-09-13 00:00:00

checkpoint_advisories

MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)

2016-09-20 00:00:00

thn

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

2016-11-02 21:16:00

redhat

(RHSA-2016:2749) Important: rh-mysql56-mysql security update

2016-11-15 11:05:56

(RHSA-2016:2130) Important: mysql55-mysql security update

2016-10-31 19:33:48

(RHSA-2017:2192) Moderate: mariadb security and bug fix update

2017-08-01 05:58:44

centos

mariadb security update

2017-08-24 01:39:47

oraclelinux

mariadb security and bug fix update

2017-08-07 00:00:00

fedora

[SECURITY] Fedora 24 Update: community-mysql-5.7.17-1.fc24

2016-12-27 22:49:07

[SECURITY] Fedora 25 Update: community-mysql-5.7.17-1.fc25

2016-12-27 15:52:21

suse

Security update for mariadb (important)

2017-02-07 18:11:31

Security update for mariadb (important)

2017-02-07 18:08:59

Security update for mysql (important)

2017-02-07 00:07:36

gentoo

MariaDB: Multiple vulnerabilities

2017-02-20 00:00:00

mageia

Updated mariadb packages fix security vulnerability

2017-02-20 16:00:19

debian

[SECURITY] [DSA 3770-1] mariadb-10.0 security update

2017-01-22 12:30:50

[SECURITY] [DSA 3770-1] mariadb-10.0 security update

2017-01-22 12:30:50

slackware

[slackware-security] mariadb

2017-01-18 20:40:17

oracle

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for RH:CVE-2016-6664