CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 4CVE-2016-6662 – MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. Oracle MySQL hasta la versión 5.5.52, 5.6.x hasta la versión 5.6.33 y 5.7.x hasta la versión 5.7.15; MariaDB en versiones anteriores a 5.5.51, 10.0.x en versiones anteriores a 10.0.27 y 10.1.x en versiones anteriores a 10.1.17; y Percona Server en versiones anteriores a 5.5.51-38.1, 5.6.x en versiones anteriores a 5.6.32-78.0 y 5.7.x en versiones anteriores a 5.7.14-7 permiten a usuarios locales crear configuraciones arbitrarias y eludir ciertos mecanismos de protección estableciendo general_log_file a una configuración my.cnf NOTA: esto puede ser aprovechado para ejecutar código arbitrario con privilegios root estableciendo malloc_lib. • https://www.exploit-db.com/exploits/40360 https://github.com/MAYASEVEN/CVE-2016-6662 https://github.com/KosukeShimofuji/CVE-2016-6662 https://github.com/konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html http://rhn.redhat.com/errata/RHSA-2016-2058.html http://rhn.redhat.com/errata/RHSA-2016-2059.html http://rhn.redhat.com/errata/RHSA-2016-2060.html http://rhn.redhat.com/errat • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •