{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"}, {"name": "RHSA-2016:2749", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"}, {"name": "RHSA-2017:0184", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"}, {"name": "RHSA-2016:2131", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"}, {"name": "RHSA-2016:2060", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.mariadb.org/browse/MDEV-10465"}, {"name": "92912", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92912"}, {"name": "20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Sep/23"}, {"name": "GLSA-201701-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-01"}, {"name": "DSA-3666", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3666"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "RHSA-2016:2130", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"}, {"name": "RHSA-2016:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"}, {"name": "RHSA-2016:2927", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"}, {"name": "RHSA-2016:2059", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"}, {"tags": ["x_refsource_MISC"], "url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"}, {"name": "RHSA-2016:2062", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"}, {"name": "RHSA-2016:2595", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"}, {"name": "1036769", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036769"}, {"name": "RHSA-2016:2061", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"}, {"name": "[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"}, {"name": "40360", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40360/"}, {"name": "RHSA-2016:2928", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"}, {"name": "RHSA-2016:2058", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6662", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/", "refsource": "CONFIRM", "url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"}, {"name": "RHSA-2016:2749", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"}, {"name": "RHSA-2017:0184", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"}, {"name": "RHSA-2016:2131", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"}, {"name": "RHSA-2016:2060", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"}, {"name": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/", "refsource": "CONFIRM", "url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"}, {"name": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/", "refsource": "CONFIRM", "url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"}, {"name": "https://jira.mariadb.org/browse/MDEV-10465", "refsource": "CONFIRM", "url": "https://jira.mariadb.org/browse/MDEV-10465"}, {"name": "92912", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92912"}, {"name": "20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Sep/23"}, {"name": "GLSA-201701-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-01"}, {"name": "DSA-3666", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3666"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "RHSA-2016:2130", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"}, {"name": "RHSA-2016:2077", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"}, {"name": "RHSA-2016:2927", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"}, {"name": "RHSA-2016:2059", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"}, {"name": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html", "refsource": "MISC", "url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"}, {"name": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/", "refsource": "CONFIRM", "url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"}, {"name": "RHSA-2016:2062", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"}, {"name": "RHSA-2016:2595", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"}, {"name": "1036769", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036769"}, {"name": "RHSA-2016:2061", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"}, {"name": "[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"}, {"name": "40360", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40360/"}, {"name": "RHSA-2016:2928", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"}, {"name": "RHSA-2016:2058", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:29.525Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"}, {"name": "RHSA-2016:2749", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"}, {"name": "RHSA-2017:0184", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"}, {"name": "RHSA-2016:2131", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"}, {"name": "RHSA-2016:2060", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.mariadb.org/browse/MDEV-10465"}, {"name": "92912", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92912"}, {"name": "20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Sep/23"}, {"name": "GLSA-201701-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-01"}, {"name": "DSA-3666", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3666"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "RHSA-2016:2130", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"}, {"name": "RHSA-2016:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"}, {"name": "RHSA-2016:2927", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"}, {"name": "RHSA-2016:2059", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"}, {"name": "RHSA-2016:2062", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"}, {"name": "RHSA-2016:2595", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"}, {"name": "1036769", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036769"}, {"name": "RHSA-2016:2061", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"}, {"name": "[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"}, {"name": "40360", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/40360/"}, {"name": "RHSA-2016:2928", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"}, {"name": "RHSA-2016:2058", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6662", "datePublished": "2016-09-20T18:00:00", "dateReserved": "2016-08-10T00:00:00", "dateUpdated": "2024-08-06T01:36:29.525Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "982457CB-92BD-4CC2-A377-8AE7C44AE939", "versionEndIncluding": "5.5.52", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "6663D88B-4649-4910-A5FB-C384BC4C8AA7", "versionEndIncluding": "5.6.33", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D0BA40E-DDBD-4419-8DED-39FEF868B737", "versionEndIncluding": "5.7.15", "versionStartIncluding": "5.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "E119A90E-46D5-4F4D-A3A1-C7B708AFEC68", "versionEndExcluding": "5.5.51-38.1", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "845F45D1-4EC6-48E4-A113-8B1503C74C27", "versionEndExcluding": "5.6.32-78.0", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5555A98A-D7F2-4211-A62B-D108F4F8F920", "versionEndExcluding": "5.7.14-7", "versionStartIncluding": "5.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1845931-A5D6-47DA-9A8E-5AC8143354D8", "versionEndExcluding": "5.5.51", "versionStartIncluding": "5.5.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2D3290F-3FFF-4679-8C67-22D76EA2AC7C", "versionEndExcluding": "10.0.27", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "66B7D3D5-1F6C-49E8-93F9-88C3E52C9879", "versionEndExcluding": "10.1.17", "versionStartIncluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15."}, {"lang": "es", "value": "Oracle MySQL hasta la versi\u00f3n 5.5.52, 5.6.x hasta la versi\u00f3n 5.6.33 y 5.7.x hasta la versi\u00f3n 5.7.15; MariaDB en versiones anteriores a 5.5.51, 10.0.x en versiones anteriores a 10.0.27 y 10.1.x en versiones anteriores a 10.1.17; y Percona Server en versiones anteriores a 5.5.51-38.1, 5.6.x en versiones anteriores a 5.6.32-78.0 y 5.7.x en versiones anteriores a 5.7.14-7 permiten a usuarios locales crear configuraciones arbitrarias y eludir ciertos mecanismos de protecci\u00f3n estableciendo general_log_file a una configuraci\u00f3n my.cnf NOTA: esto puede ser aprovechado para ejecutar c\u00f3digo arbitrario con privilegios root estableciendo malloc_lib. NOTA: la informaci\u00f3n sobre la versi\u00f3n de MySQL afectada es de la CPU de Octubre de 2016 de Oracle. Oracle no ha comentado sobre las reclamaciones de terceros que el problema fue parcheado silenciosamente en MySQL 5.5.52, 5.6.33 y 5.7.15."}], "id": "CVE-2016-6662", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-20T18:59:00.127", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Sep/23"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3666"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92912"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036769"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mariadb.org/browse/MDEV-10465"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-01"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40360/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Sep/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92912"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mariadb.org/browse/MDEV-10465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40360/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0184", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "mysql-0:5.1.73-8.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-01-24T00:00:00Z"}, {"advisory": "RHSA-2016:2595", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mariadb-1:5.5.52-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}, {"advisory": "RHSA-2016:2058", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "mariadb-galera-0:5.5.42-1.1.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2016-10-13T00:00:00Z"}, {"advisory": "RHSA-2016:2059", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "mariadb-galera-1:5.5.42-1.2.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2016-10-13T00:00:00Z"}, {"advisory": "RHSA-2016:2060", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "mariadb-galera-1:5.5.42-1.2.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2016-10-13T00:00:00Z"}, {"advisory": "RHSA-2016:2061", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "mariadb-galera-1:5.5.42-5.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2016-10-13T00:00:00Z"}, {"advisory": "RHSA-2016:2077", "cpe": "cpe:/a:redhat:openstack:8::el7", "package": "mariadb-galera-1:5.5.42-5.el7ost", "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date": "2016-10-18T00:00:00Z"}, {"advisory": "RHSA-2016:2062", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "mariadb-galera-1:5.5.42-5.el7ost", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2016-10-13T00:00:00Z"}, {"advisory": "RHSA-2016:2130", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "mysql55-mysql-0:5.5.52-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2131", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "mariadb55-mariadb-0:5.5.53-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2749", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mysql56-mysql-0:5.6.34-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2927", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mariadb100-mariadb-1:10.0.28-5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2928", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mariadb101-mariadb-1:10.1.19-6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2130", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "mysql55-mysql-0:5.5.52-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2131", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "mariadb55-mariadb-0:5.5.53-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2130", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "mysql55-mysql-0:5.5.52-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2131", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "mariadb55-mariadb-0:5.5.53-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2749", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mysql56-mysql-0:5.6.34-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2927", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mariadb100-mariadb-1:10.0.28-5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2928", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mariadb101-mariadb-1:10.1.19-6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2130", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "mysql55-mysql-0:5.5.52-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2131", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "mariadb55-mariadb-0:5.5.53-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2749", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mysql56-mysql-0:5.6.34-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2927", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mariadb100-mariadb-1:10.0.28-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2928", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mariadb101-mariadb-1:10.1.19-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2130", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "mysql55-mysql-0:5.5.52-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2131", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "mariadb55-mariadb-0:5.5.53-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2749", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mysql56-mysql-0:5.6.34-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2130", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "mysql55-mysql-0:5.5.52-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2131", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "mariadb55-mariadb-0:5.5.53-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2749", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mysql56-mysql-0:5.6.34-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2927", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mariadb100-mariadb-1:10.0.28-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2928", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mariadb101-mariadb-1:10.1.19-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2927", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mariadb100-mariadb-1:10.0.28-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2016-12-08T00:00:00Z"}, {"advisory": "RHSA-2016:2928", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mariadb101-mariadb-1:10.1.19-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2016-12-08T00:00:00Z"}], "bugzilla": {"description": "mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)", "id": "1375198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375198"}, "csaw": false, "cvss": {"cvss_base_score": "7.1", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-732", "details": ["Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", "It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server."], "mitigation": {"lang": "en:us", "value": "- Ensure all MySQL / MariaDB configuration files are not writeable to the mysql user. This is the default configuration in Red Hat products.\n- Ensure that non-administrative database users are not granted FILE privilege. Applications accessing data in MySQL / MariaDB databases, including web application potentially vulnerable to SQL injections, should use database accounts with the lowest privileges required.\n- If FILE permission needs to be granted to some non-administrative database users, use secure_file_priv setting to limit where files can be written to or read from."}, "name": "CVE-2016-6662", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "mysql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "mysql55-mysql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "millicore", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}], "public_date": "2016-09-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6662\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\nhttps://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt"], "statement": "All MySQL and MariaDB packages in Red Hat Enterprise Linux and Red Hat Software Collections install the my.cnf configuration file in /etc as root-owned and not writeable to mysqld's mysql user. This default configuration stops the published exploit for this issue.\nAll MySQL and MariaDB packages for Red Hat Enterprise Linux 7 (either those directly included in Red Hat Enterprise Linux 7 or from Red Hat Software Collections for Red Hat Enterprise Linux 7) run mysqld_safe with mysql user privileges and not root privileges, limiting the potential impact to code execution as mysql system user.\nThe MySQL 5.1 packages in Red Hat Enterprise Linux 6 do not implement support for library preloading, completely preventing the remote attack vector used by the published exploit.\nFor additional details, refer to:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1375198#c12", "threat_severity": "Important"}