Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root.

References

bugzilla.redhat.com/show_bug.cgi?id=1414133

alpinelinux 2

veracode 2

ibm 2

cve 3

prion 3

f5 2

debiancve 2

osv 5

mariadbunix 2

cbl_mariner 1

ubuntucve 2

redhatcve 1

myhack58 1

nessus 33

zdt 1

checkpoint_advisories 1

thn 1

openvas 26

gentoo 2

mageia 1

suse 6

exploitpack 2

debian 5

slackware 1

threatpost 1

packetstorm 2

seebug 2

exploitdb 2

freebsd 2

centos 1

redhat 7

oraclelinux 1

fedora 6

ubuntu 1

oracle 2

alpinelinux

CVE-2016-6664

2016-12-13 21:59:00

CVE-2017-3312

2017-01-27 22:59:00

veracode

Privilege Escalation

2019-05-02 05:51:01

Improper Access Control

2019-05-02 06:37:03

ibm

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by the Open Source Oracle MySQL Vulnerabilities (CVE-2016-6664)

2018-06-16 21:48:33

Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM

2018-06-18 01:38:06

cve

CVE-2016-6664

2016-12-13 21:59:00

CVE-2017-3312

2017-01-27 22:59:00

CVE-2016-5617

2016-10-25 14:31:00

prion

Design/Logic Flaw

2016-12-13 21:59:00

Design/Logic Flaw

2017-01-27 22:59:00

Design/Logic Flaw

2016-10-25 14:31:00

K15605622 : MySQL vulnerability CVE-2016-6664

2022-01-07 00:00:00

K92071148 : Server component of Oracle MySQL vulnerabilities CVE-2016-8318, CVE-2017-3291, CVE-2017-3312, CVE-2017-3313, and CVE-2017-3320

2017-04-11 00:00:00

debiancve

CVE-2016-6664

2016-12-13 21:59:00

CVE-2017-3312

2017-01-27 22:59:00

osv

CVE-2016-6664

2016-12-13 21:59:00

CVE-2017-3312

2017-01-27 22:59:04

mariadb-10.0 - security update

2017-01-22 00:00:00

mariadbunix

CVE-2016-6664

2016-12-13 21:59:00

CVE-2017-3312

2017-01-27 22:59:00

cbl_mariner

CVE-2016-6664 affecting package mariadb 10.3.17-3

2021-05-06 23:57:26

ubuntucve

CVE-2017-3312

2017-01-18 00:00:00

CVE-2016-6664

2016-12-13 00:00:00

redhatcve

CVE-2016-6664

2016-11-03 22:17:38

myhack58

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

2016-11-05 00:00:00

nessus

MariaDB Server 10.0.x < 10.0.28 Multiple Vulnerabilities

2016-11-04 00:00:00

MariaDB 5.5.x < 5.5.54 Multiple Vulnerabilities

2017-01-13 00:00:00

Debian DSA-3770-1 : mariadb-10.0 - security update

2017-01-23 00:00:00

zdt

MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation Vulnerability

2016-11-02 00:00:00

checkpoint_advisories

MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)

2016-09-20 00:00:00

thn

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

2016-11-02 21:16:00

openvas

SUSE: Security Advisory (SUSE-SU-2017:0412-1)

2021-04-19 00:00:00

Slackware: Security Advisory (SSA:2017-018-01)

2022-04-21 00:00:00

Debian: Security Advisory (DSA-3770-1)

2017-01-21 00:00:00

gentoo

MariaDB: Multiple vulnerabilities

2017-02-20 00:00:00

MySQL: Multiple vulnerabilities

2017-02-20 00:00:00

mageia

Updated mariadb packages fix security vulnerability

2017-02-20 16:00:19

suse

Security update for mariadb (important)

2017-02-07 18:11:31

Security update for mariadb (important)

2017-02-07 18:08:59

Security update for mysql (important)

2017-02-07 00:07:36

exploitpack

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - mysql System User Privilege Escalation Race Condition

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - root System User Privilege Escalation

2016-11-01 00:00:00

debian

[SECURITY] [DSA 3770-1] mariadb-10.0 security update

2017-01-22 12:30:50

[SECURITY] [DSA 3770-1] mariadb-10.0 security update

2017-01-22 12:30:50

[SECURITY] [DSA 3767-1] mysql-5.5 security update

2017-01-19 20:31:53

slackware

[slackware-security] mariadb

2017-01-18 20:40:17

threatpost

Critical MySQL Vulnerabilities Can Lead to Server Compromise

2016-11-02 14:02:10

packetstorm

MySQL / MariaDB / PerconaDB Root Privilege Escalation

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition

2016-11-02 00:00:00

seebug

MySQL / MariaDB / PerconaDB elevation of privilege vulnerability, CVE-2016-6664）

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞（CVE-2016-6663）

2016-11-02 00:00:00

exploitdb

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation

2016-11-01 00:00:00

freebsd

MySQL -- multiple vulnerabilities

2016-09-13 00:00:00

mysql -- multiple vulnerabilities

2017-01-18 00:00:00

centos

mariadb security update

2017-08-24 01:39:47

redhat

(RHSA-2017:2192) Moderate: mariadb security and bug fix update

2017-08-01 05:58:44

(RHSA-2016:2749) Important: rh-mysql56-mysql security update

2016-11-15 11:05:56

(RHSA-2016:2130) Important: mysql55-mysql security update

2016-10-31 19:33:48

oraclelinux

mariadb security and bug fix update

2017-08-07 00:00:00

fedora

[SECURITY] Fedora 25 Update: mariadb-10.1.21-1.fc25

2017-02-09 04:23:02

[SECURITY] Fedora 24 Update: mariadb-10.1.21-1.fc24

2017-02-09 20:51:26

[SECURITY] Fedora 24 Update: mariadb-10.1.24-3.fc24

2017-06-16 17:51:10

ubuntu

MySQL vulnerabilities

2017-01-19 00:00:00

oracle

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Oracle Critical Patch Update Advisory - January 2017

2017-01-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for RH:CVE-2017-3312