CVE-2016-6664

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
oraclemysql
5.5.0 ≤
𝑥
≤ 5.5.51
oraclemysql
5.6.0 ≤
𝑥
≤ 5.6.32
oraclemysql
5.7.0 ≤
𝑥
≤ 5.7.14
mariadbmariadb
5.5.0 ≤
𝑥
< 5.5.54
mariadbmariadb
10.0.0 ≤
𝑥
< 10.0.29
mariadbmariadb
10.1.0 ≤
𝑥
< 10.1.21
perconapercona_server
5.5 ≤
𝑥
< 5.5.51-38.2
perconapercona_server
5.6 ≤
𝑥
< 5.6.32-78.1
perconapercona_server
5.7 ≤
𝑥
< 5.7.14-8
perconaxtradb_cluster
5.5 ≤
𝑥
< 5.5.41-37.0
perconaxtradb_cluster
5.6 ≤
𝑥
< 5.6.32-25.17
perconaxtradb_cluster
5.7 ≤
𝑥
< 5.7.14-26.17
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb-10.0
precise
dne
trusty
dne
xenial
Fixed 10.0.29-0ubuntu0.16.04.1
released
yakkety
Fixed 10.0.29-0ubuntu0.16.10.1
released
mysql-5.5
precise
Fixed 5.5.52-0ubuntu0.12.04.1
released
trusty
Fixed 5.5.52-0ubuntu0.14.04.1
released
vivid
dne
xenial
dne
yakkety
dne
mysql-5.6
precise
dne
trusty
dne
xenial
dne
yakkety
dne
mysql-5.7
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
liblz4-1
suse enterprise sap 12 SP5
1.8.0-3.5.2
fixed
suse enterprise server 12 SP5
1.8.0-3.5.2
fixed
libmariadb3
suse enterprise sap 12 SP5
3.1.22-2.35.1
fixed
suse enterprise server 12 SP5
3.1.22-2.35.1
fixed
libmariadb_plugins
suse enterprise sap 12 SP5
3.1.22-2.35.1
fixed
suse enterprise server 12 SP5
3.1.22-2.35.1
fixed
libmariadbd-devel
suse enterprise sap 15 SP2
10.4.13-1.1
fixed
suse enterprise sap 15 SP3
10.5.8-1.5
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.13-1.1
fixed
suse enterprise server 15 SP3
10.5.8-1.5
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
libmariadbd104-devel
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
libmariadbd19
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise sap 15 SP2
10.4.13-1.1
fixed
suse enterprise sap 15 SP3
10.5.8-1.5
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
suse enterprise server 15 SP2
10.4.13-1.1
fixed
suse enterprise server 15 SP3
10.5.8-1.5
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
libmysqlclient-devel
suse enterprise server 12
10.0.29-20.23.1
fixed
libmysqlclient18
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP5
10.0.40.1-2.9.1
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP5
10.0.40.1-2.9.1
fixed
libmysqlclient18-32bit
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP5
10.0.40.1-2.9.1
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP5
10.0.40.1-2.9.1
fixed
libmysqlclient_r18
suse enterprise desktop 12 SP1
10.0.29-22.1
fixed
suse enterprise desktop 12 SP2
10.0.29-22.1
fixed
suse enterprise desktop 12 SP3
10.0.30-28.1
fixed
suse enterprise desktop 12 SP4
10.0.35-1.7
fixed
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP3
10.0.30-28.1
fixed
suse enterprise sap 12 SP4
10.0.35-1.7
fixed
suse enterprise sap 12 SP5
10.0.40.1-2.9.1
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP3
10.0.30-28.1
fixed
suse enterprise server 12 SP4
10.0.35-1.7
fixed
suse enterprise server 12 SP5
10.0.40.1-2.9.1
fixed
suse enterprise workstation 12 SP1
10.0.29-22.1
fixed
suse enterprise workstation 12 SP2
10.0.29-22.1
fixed
suse enterprise workstation 12 SP3
10.0.30-28.1
fixed
suse enterprise workstation 12 SP4
10.0.35-1.7
fixed
suse enterprise workstation 12 SP5
10.0.40.1-2.9.1
fixed
libmysqlclient_r18-32bit
suse enterprise desktop 12 SP1
10.0.29-22.1
fixed
suse enterprise desktop 12 SP2
10.0.29-22.1
fixed
suse enterprise desktop 12 SP3
10.0.30-28.1
fixed
suse enterprise desktop 12 SP4
10.0.35-1.7
fixed
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP3
10.0.30-28.1
fixed
suse enterprise sap 12 SP4
10.0.35-1.7
fixed
suse enterprise sap 12 SP5
10.0.40.1-2.9.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP3
10.0.30-28.1
fixed
suse enterprise server 12 SP4
10.0.35-1.7
fixed
suse enterprise server 12 SP5
10.0.40.1-2.9.1
fixed
suse enterprise workstation 12 SP1
10.0.29-22.1
fixed
suse enterprise workstation 12 SP2
10.0.29-22.1
fixed
suse enterprise workstation 12 SP3
10.0.30-28.1
fixed
suse enterprise workstation 12 SP4
10.0.35-1.7
fixed
suse enterprise workstation 12 SP5
10.0.40.1-2.9.1
fixed
libmysqld-devel
suse enterprise sap 15
10.2.15-1.3
fixed
suse enterprise sap 15 SP1
10.2.22-3.14.1
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 15
10.2.15-1.3
fixed
suse enterprise server 15 SP1
10.2.22-3.14.1
fixed
libmysqld18
suse enterprise server 12
10.0.29-20.23.1
fixed
libmysqld19
suse enterprise sap 15
10.2.15-1.3
fixed
suse enterprise sap 15 SP1
10.2.22-3.14.1
fixed
suse enterprise server 15
10.2.15-1.3
fixed
suse enterprise server 15 SP1
10.2.22-3.14.1
fixed
mariadb
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP5
10.2.25-3.19.2
fixed
suse enterprise sap 15
10.2.15-1.3
fixed
suse enterprise sap 15 SP1
10.2.22-3.14.1
fixed
suse enterprise sap 15 SP2
10.4.13-1.1
fixed
suse enterprise sap 15 SP3
10.5.8-1.5
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP5
10.2.25-3.19.2
fixed
suse enterprise server 15
10.2.15-1.3
fixed
suse enterprise server 15 SP1
10.2.22-3.14.1
fixed
suse enterprise server 15 SP2
10.4.13-1.1
fixed
suse enterprise server 15 SP3
10.5.8-1.5
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-100-errormessages
suse enterprise sap 12 SP5
10.0.40.1-2.9.1
fixed
suse enterprise server 12 SP5
10.0.40.1-2.9.1
fixed
mariadb-client
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP5
10.2.25-3.19.2
fixed
suse enterprise sap 15
10.2.15-1.3
fixed
suse enterprise sap 15 SP1
10.2.22-3.14.1
fixed
suse enterprise sap 15 SP2
10.4.13-1.1
fixed
suse enterprise sap 15 SP3
10.5.8-1.5
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP5
10.2.25-3.19.2
fixed
suse enterprise server 15
10.2.15-1.3
fixed
suse enterprise server 15 SP1
10.2.22-3.14.1
fixed
suse enterprise server 15 SP2
10.4.13-1.1
fixed
suse enterprise server 15 SP3
10.5.8-1.5
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-errormessages
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP5
10.2.25-3.19.2
fixed
suse enterprise sap 15
10.2.15-1.3
fixed
suse enterprise sap 15 SP1
10.2.22-3.14.1
fixed
suse enterprise sap 15 SP2
10.4.13-1.1
fixed
suse enterprise sap 15 SP3
10.5.8-1.5
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP5
10.2.25-3.19.2
fixed
suse enterprise server 15
10.2.15-1.3
fixed
suse enterprise server 15 SP1
10.2.22-3.14.1
fixed
suse enterprise server 15 SP2
10.4.13-1.1
fixed
suse enterprise server 15 SP3
10.5.8-1.5
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-tools
suse enterprise sap 12 SP1
10.0.29-22.1
fixed
suse enterprise sap 12 SP2
10.0.29-22.1
fixed
suse enterprise sap 12 SP5
10.2.25-3.19.2
fixed
suse enterprise sap 15
10.2.15-1.3
fixed
suse enterprise sap 15 SP1
10.2.22-3.14.1
fixed
suse enterprise sap 15 SP2
10.4.13-1.1
fixed
suse enterprise sap 15 SP3
10.5.8-1.5
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12
10.0.29-20.23.1
fixed
suse enterprise server 12 SP1
10.0.29-22.1
fixed
suse enterprise server 12 SP2
10.0.29-22.1
fixed
suse enterprise server 12 SP5
10.2.25-3.19.2
fixed
suse enterprise server 15
10.2.15-1.3
fixed
suse enterprise server 15 SP1
10.2.22-3.14.1
fixed
suse enterprise server 15 SP2
10.4.13-1.1
fixed
suse enterprise server 15 SP3
10.5.8-1.5
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb104
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-bench
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-client
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-errormessages
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-galera
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-rpm-macros
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-test
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-tools
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
python3-mysqlclient
suse enterprise sap 12 SP5
1.3.14-8.9.2
fixed
suse enterprise server 12 SP5
1.3.14-8.9.2
fixed
suse enterprise server 15 SP1
1.4.6-150100.3.3.7
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
mariadb
RHEL 7
1:5.5.56-2.el7
fixed
mariadb-bench
RHEL 7
1:5.5.56-2.el7
fixed
mariadb-devel
RHEL 7
1:5.5.56-2.el7
fixed
mariadb-embedded
RHEL 7
1:5.5.56-2.el7
fixed
mariadb-embedded-devel
RHEL 7
1:5.5.56-2.el7
fixed
mariadb-libs
RHEL 7
1:5.5.56-2.el7
fixed
mariadb-server
RHEL 7
1:5.5.56-2.el7
fixed
mariadb-test
RHEL 7
1:5.5.56-2.el7
fixed
Common Weakness Enumeration
References
http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html
http://rhn.redhat.com/errata/RHSA-2016-2130.html
http://rhn.redhat.com/errata/RHSA-2016-2749.html
http://seclists.org/fulldisclosure/2016/Nov/4
http://www.debian.org/security/2017/dsa-3770
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/archive/1/539695/100/0/threaded
http://www.securityfocus.com/bid/93612
https://access.redhat.com/errata/RHSA-2017:2192
https://access.redhat.com/errata/RHSA-2018:0279
https://access.redhat.com/errata/RHSA-2018:0574
https://security.gentoo.org/glsa/201702-18
https://www.exploit-db.com/exploits/40679/
https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/
http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html
http://rhn.redhat.com/errata/RHSA-2016-2130.html
http://rhn.redhat.com/errata/RHSA-2016-2749.html
http://seclists.org/fulldisclosure/2016/Nov/4
http://www.debian.org/security/2017/dsa-3770
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/archive/1/539695/100/0/threaded
http://www.securityfocus.com/bid/93612
https://access.redhat.com/errata/RHSA-2017:2192
https://access.redhat.com/errata/RHSA-2018:0279
https://access.redhat.com/errata/RHSA-2018:0574
https://security.gentoo.org/glsa/201702-18
https://www.exploit-db.com/exploits/40679/
https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/