ALPINE-CVE-2016-6664

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2016-6664
Published: 13 Dec 2016, 21:59
Last modified:03 Dec 2025, 22:35

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7 HIGH
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

13 Dec 2016, 21:59
Published
Vulnerability first disclosed
03 Dec 2025, 22:35
Last Modified
Vulnerability information updated

Description

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

CVSS Metrics

  • v3.1HIGHScore: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

  • alpinemariadb

    < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0 | < 10.1.21-r0

References (1)