CVE Vulnerabilities

CVE-2016-6662

Published: Sep 20, 2016 | Modified: Aug 04, 2021
CVSS 3.x: 9.8 CRITICAL (Source: NVD), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 10 HIGH, vector AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2: 7.1 IMPORTANT, vector AV:N/AC:H/Au:S/C:C/I:C/A:C
RedHat/V3: 9.8 IMPORTANT, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mysql | Oracle | 5.5.0 (including) | 5.5.52 (including) |
| Mysql | Oracle | 5.6.0 (including) | 5.6.33 (including) |
| Mysql | Oracle | 5.7.0 (including) | 5.7.15 (including) |
| Red Hat Enterprise Linux 6 | RedHat | mysql-0:5.1.73-8.el6_8 | * |
| Red Hat Enterprise Linux 7 | RedHat | mariadb-1:5.5.52-1.el7 | * |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | RedHat | mariadb-galera-0:5.5.42-1.1.el6ost | * |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | RedHat | mariadb-galera-1:5.5.42-1.2.el7ost | * |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | RedHat | mariadb-galera-1:5.5.42-1.2.el7ost | * |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | RedHat | mariadb-galera-1:5.5.42-5.el7ost | * |
| Red Hat OpenStack Platform 8.0 (Liberty) | RedHat | mariadb-galera-1:5.5.42-5.el7ost | * |
| Red Hat OpenStack Platform 9.0 (Mitaka) | RedHat | mariadb-galera-1:5.5.42-5.el7ost | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | mysql55-mysql-0:5.5.52-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | mariadb55-mariadb-0:5.5.53-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-mysql56-mysql-0:5.6.34-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-mariadb100-mariadb-1:10.0.28-5.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-mariadb101-mariadb-1:10.1.19-6.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | mysql55-mysql-0:5.5.52-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | mariadb55-mariadb-0:5.5.53-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | mysql55-mysql-0:5.5.52-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | mariadb55-mariadb-0:5.5.53-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-mysql56-mysql-0:5.6.34-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-mariadb100-mariadb-1:10.0.28-5.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-mariadb101-mariadb-1:10.1.19-6.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | mysql55-mysql-0:5.5.52-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | mariadb55-mariadb-0:5.5.53-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-mysql56-mysql-0:5.6.34-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-mariadb100-mariadb-1:10.0.28-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-mariadb101-mariadb-1:10.1.19-6.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS | RedHat | mysql55-mysql-0:5.5.52-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS | RedHat | mariadb55-mariadb-0:5.5.53-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS | RedHat | rh-mysql56-mysql-0:5.6.34-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | RedHat | mysql55-mysql-0:5.5.52-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | RedHat | mariadb55-mariadb-0:5.5.53-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | RedHat | rh-mysql56-mysql-0:5.6.34-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | RedHat | rh-mariadb100-mariadb-1:10.0.28-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | RedHat | rh-mariadb101-mariadb-1:10.1.19-6.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-mariadb100-mariadb-1:10.0.28-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-mariadb101-mariadb-1:10.1.19-6.el7 | * |
| Mariadb-10.0 | Ubuntu | upstream | * |
| Mariadb-10.0 | Ubuntu | xenial | * |
| Mariadb-10.0 | Ubuntu | yakkety | * |
| Mariadb-5.5 | Ubuntu | trusty | * |
| Mysql-5.5 | Ubuntu | precise | * |
| Mysql-5.5 | Ubuntu | trusty | * |
| Mysql-5.5 | Ubuntu | upstream | * |
| Mysql-5.6 | Ubuntu | trusty | * |
| Mysql-5.6 | Ubuntu | upstream | * |
| Mysql-5.7 | Ubuntu | artful | * |
| Mysql-5.7 | Ubuntu | bionic | * |
| Mysql-5.7 | Ubuntu | cosmic | * |
| Mysql-5.7 | Ubuntu | disco | * |
| Mysql-5.7 | Ubuntu | upstream | * |
| Mysql-5.7 | Ubuntu | xenial | * |
| Mysql-5.7 | Ubuntu | yakkety | * |
| Mysql-5.7 | Ubuntu | zesty | * |
| Percona-server-5.6 | Ubuntu | artful | * |
| Percona-server-5.6 | Ubuntu | esm-apps/xenial | * |
| Percona-server-5.6 | Ubuntu | xenial | * |
| Percona-server-5.6 | Ubuntu | yakkety | * |
| Percona-server-5.6 | Ubuntu | zesty | * |
| Percona-xtradb-cluster-5.5 | Ubuntu | trusty | * |
| Percona-xtradb-cluster-5.6 | Ubuntu | xenial | * |
| Percona-xtradb-cluster-5.6 | Ubuntu | yakkety | * |
