CVSS3: 7 High
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS2: 4.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
Oracle MySQL, MariaDB, Percona Server and Percona XtraDB Cluster are vulnerable to privilege escalation. A locally authenticated attacker may use a race condition while setting stats during MyISAM table repair to obtain elevated privileges.
rhn.redhat.com/errata/RHSA-2016-2130.html
rhn.redhat.com/errata/RHSA-2016-2131.html
rhn.redhat.com/errata/RHSA-2016-2595.html
rhn.redhat.com/errata/RHSA-2016-2749.html
rhn.redhat.com/errata/RHSA-2016-2927.html
rhn.redhat.com/errata/RHSA-2016-2928.html
rhn.redhat.com/errata/RHSA-2017-0184.html
seclists.org/fulldisclosure/2016/Nov/4
www.openwall.com/lists/oss-security/2016/10/25/4
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
www.securityfocus.com/bid/92911
www.securityfocus.com/bid/93614
access.redhat.com/security/cve/CVE-2016-6663
access.redhat.com/security/cve/CVE-2016-6664
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1386562
dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html
dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html
dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html
github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805
github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291
legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html
mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/
mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/
www.exploit-db.com/exploits/40678/
www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/