CVE-2016-6664

Advisory lineage Upstream: 0 Downstream: 14

Downstream

ALPINE-CVE-2016-6664 DSA-3770-1 MGASA-2017-0054 OPENSUSE-SU-2024:11038-1 RHSA-2016:2130 RHSA-2016:2749

Modified

Published: 13 Dec 2016, 21:00

Last modified:06 Aug 2024, 01:36

Vulnerability Summary

Overall Risk (default)

high

50/100

CVSS Score

7 HIGH

v3.1 (nvd)

EPSS Score

62.12% CRITICAL

62% probability +15.00%

KEV

Not listed

Ransomware

No reports

Public exploits

3 found

Dark Web

Not detected

Timeline

13 Dec 2016, 21:00

Published

Vulnerability first disclosed

06 Aug 2024, 01:36

Last Modified

Vulnerability information updated

Description

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

CVSS Metrics

v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 62.12%• Percentile: 98%

Techniques & Countermeasures

CWE-59•Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Systems

mariadb•mariadb
≥ 5.5.0, < 5.5.54 | ≥ 10.0.0, < 10.0.29 | ≥ 10.1.0, < 10.1.21
oracle•mysql
≥ 5.5.0, ≤ 5.5.51 | ≥ 5.6.0, ≤ 5.6.32 | ≥ 5.7.0, ≤ 5.7.14
percona•percona_server
≥ 5.5, < 5.5.51-38.2 | ≥ 5.6, < 5.6.32-78.1 | ≥ 5.7, < 5.7.14-8
percona•xtradb_cluster
≥ 5.5, < 5.5.41-37.0 | ≥ 5.6, < 5.6.32-25.17 | ≥ 5.7, < 5.7.14-26.17