Researcher Dawid Golunski discovered several security issues in the
mariadb DBMS, including a vulnerability flaw that can be exploited by a
remote attacker to inject malicious settings into my.cnf configuration
files. The flaw can be triggered to fully compromise the DBMS by
executing arbitrary code with root privileges if mysqld_safe is
executed.

CVE-2016-6663 (access restriction bypass)

In the past mariadb used to read the main configuration file from three
different locations. One of them (the datadir) is unsafe because it’s
writeable by the sql-server. This way a remote attacker who could gain
access to the sql-server could deploy a maliciously crafted
configuration file.

OSVersionArchitecturePackageVersionFilename
anyanyanymariadb< 10.1.17-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	mariadb	< 10.1.17-1	UNKNOWN

References

legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

access.redhat.com/security/cve/CVE-2016-6662

cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6663

jira.mariadb.org/browse/MDEV-10465

exploitdb 3

thn 3

exploitpack 3

threatpost 2

nessus 59

openvas 36

amazon 2

zdt 3

packetstorm 3

seebug 3

redhat 13

oraclelinux 3

checkpoint_advisories 1

centos 2

slackware 2

suse 10

f5 3

prion 3

osv 5

veracode 2

debian 5

nvd 3

fedora 2

mariadbunix 3

cve 3

ibm 5

cvelist 2

cloudfoundry 1

freebsd 4

alpinelinux 1

ubuntu 1

ubuntucve 2

redhatcve 2

myhack58 2

altlinux 1

mageia 1

exploitdb

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

2016-09-12 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition

2016-11-01 00:00:00

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation

2016-11-01 00:00:00

thn

New MySQL Zero Days — Hacking Website Databases

2016-09-12 06:14:00

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

2016-11-02 21:16:00

Why Database Patching Best Practice Just Doesn't Work and How to Fix It

2021-10-18 16:00:00

exploitpack

MySQL MariaDB PerconaDB 5.5.515.6.325.7.14 - Code Execution Privilege Escalation

2016-09-12 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - mysql System User Privilege Escalation Race Condition

2016-11-01 00:00:00

MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - root System User Privilege Escalation

2016-11-01 00:00:00

threatpost

Critical MySQL Vulnerability Disclosed

2016-09-12 11:00:58

Critical MySQL Vulnerabilities Can Lead to Server Compromise

2016-11-02 14:02:10

nessus

MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities

2016-09-08 00:00:00

Amazon Linux AMI : mysql51 (ALAS-2017-800)

2017-02-23 00:00:00

Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20170124)

2017-01-25 00:00:00

openvas

RedHat Update for mysql RHSA-2017:0184-01

2017-01-25 00:00:00

CentOS Update for mysql CESA-2017:0184 centos6

2017-01-27 00:00:00

Slackware: Security Advisory (SSA:2016-257-01)

2022-04-21 00:00:00

amazon

Important: mysql51

2017-02-22 18:00:00

Important: mysql55, mysql56

2016-10-12 17:00:00

zdt

MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation

2016-09-12 00:00:00

MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation Vulnerability

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition

2016-11-02 00:00:00

packetstorm

MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution

2016-09-12 00:00:00

MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB Root Privilege Escalation

2016-11-02 00:00:00

seebug

MySQL <= 5.7.15 remote Root code execution vulnerability

2016-09-13 00:00:00

MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞（CVE-2016-6663）

2016-11-02 00:00:00

MySQL / MariaDB / PerconaDB elevation of privilege vulnerability, CVE-2016-6664）

2016-11-02 00:00:00

redhat

(RHSA-2017:0184) Important: mysql security update

2017-01-24 10:49:30

(RHSA-2016:2060) Important: mariadb-galera security and bug fix update

2016-10-13 05:07:39

(RHSA-2016:2058) Important: mariadb-galera security update

2016-10-13 05:07:34

oraclelinux

mysql security update

2017-01-24 00:00:00

mariadb security and bug fix update

2016-11-09 00:00:00

mariadb security and bug fix update

2017-08-07 00:00:00

checkpoint_advisories

MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)

2016-09-20 00:00:00

centos

mysql security update

2017-01-26 22:35:43

mariadb security update

2016-11-25 16:00:08

slackware

[slackware-security] mariadb / mysql

2016-09-13 20:15:07

[slackware-security] mariadb

2016-11-01 03:40:41

suse

Security update for mariadb (important)

2016-09-27 21:12:05

Security update for mariadb (important)

2016-10-04 17:09:01

Security update for mariadb (important)

2016-09-27 19:14:25

SOL72255110 - MySQL vulnerability CVE-2016-6662

2016-09-26 00:00:00

K72255110 : MySQL vulnerability CVE-2016-6662

2016-09-26 00:00:00

K73828041 : MySQL vulnerability CVE-2016-6663

2017-02-03 00:00:00

prion

Design/Logic Flaw

2016-09-20 18:59:00

Race condition

2016-12-13 21:59:00

Design/Logic Flaw

2016-10-25 14:31:00

osv

mysql-5.5 - security update

2016-09-16 00:00:00

CGA-q2hg-2vjw-82pg

2024-07-04 22:10:35

CVE-2017-15365

2018-01-25 16:29:00

veracode

Arbitrary Code Execution

2019-01-15 09:13:35

Privilege Escalation

2019-05-02 05:51:01

debian

[SECURITY] [DLA 624-1] mysql-5.5 security update

2016-09-16 15:37:59

[SECURITY] [DSA 3666-1] mysql-5.5 security update

2016-09-14 15:13:34

[SECURITY] [DSA 3666-1] mysql-5.5 security update

2016-09-14 15:13:34

nvd

CVE-2016-6663

2016-12-13 21:59:00

CVE-2016-6662

2016-09-20 18:59:00

CVE-2016-5616

2016-10-25 14:31:30

fedora

[SECURITY] Fedora 24 Update: community-mysql-5.7.15-1.fc24

2016-09-27 03:57:17

[SECURITY] Fedora 23 Update: mariadb-10.0.27-1.fc23

2016-10-03 20:22:41

mariadbunix

CVE-2016-6662

2016-09-20 18:59:00

CVE-2016-6663

2016-12-13 21:59:00

CVE-2016-5616

2016-10-25 14:31:00

cve

CVE-2016-6662

2016-09-20 18:59:00

CVE-2016-6663

2016-12-13 21:59:00

CVE-2016-5616

2016-10-25 14:31:30

ibm

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source MySQL MySQL Vulnerabilities (CVE-2016-6663)

2018-06-16 21:48:33

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

2018-12-08 04:55:34

Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (CVE-2016-6662)

2018-06-16 21:47:55

cvelist

CVE-2016-6663

2016-12-13 21:00:00

CVE-2016-6662

2016-09-20 18:00:00

cloudfoundry

CVE-2016-6662 - Multiple MySQL Vulnerabilities | Cloud Foundry

2016-09-28 00:00:00

freebsd

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

2016-09-12 00:00:00

mysql -- Remote Root Code Execution

2016-09-12 00:00:00

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

2016-09-12 00:00:00

alpinelinux

CVE-2016-6662

2016-09-20 18:59:00

ubuntu

MySQL vulnerability

2016-09-13 00:00:00

ubuntucve

CVE-2016-6662

2016-09-12 00:00:00

CVE-2016-6663

2016-12-13 00:00:00

redhatcve

CVE-2016-6662

2016-12-15 20:18:44

CVE-2016-6663

2016-12-15 20:18:51

myhack58

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

2016-11-05 00:00:00

Linux application permissions incorrectly can provide the right series vulnerability analysis-vulnerability warning-the black bar safety net

2016-11-29 00:00:00

altlinux

Security fix for the ALT Linux 8 package mariadb version 10.1.18-alt1

2016-10-25 00:00:00

mageia

Updated mariadb packages fix security vulnerabilities

2016-11-10 00:43:03

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.009

Percentile

83.2%

JSON

Related for ASA-201609-10