Lucene search
Redhat.comRH:CVE-2016-6662HistoryDec 15, 2016 - 8:18 p.m.
CVE-2016-6662
2016-12-1520:18:44
redhat.com
access.redhat.com
48
0.009 Low
EPSS
Percentile
83.1%
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
Mitigation
- Ensure all MySQL / MariaDB configuration files are not writeable to the mysql user. This is the default configuration in Red Hat products.
- Ensure that non-administrative database users are not granted FILE privilege. Applications accessing data in MySQL / MariaDB databases, including web application potentially vulnerable to SQL injections, should use database accounts with the lowest privileges required.
- If FILE permission needs to be granted to some non-administrative database users, use secure_file_priv setting to limit where files can be written to or read from.
Related
f5
f5
SOL72255110 - MySQL vulnerability CVE-2016-6662
2016-09-26 00:00:00
K72255110 : MySQL vulnerability CVE-2016-6662
2016-09-26 00:00:00
nessus
nessus
Fedora 23 : 1:mariadb (2016-58f90ae3cc)
2016-10-06 00:00:00
SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2395-1)
2016-09-28 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : MySQL vulnerability (USN-3078-1)
2016-09-15 00:00:00
redhat
redhat
(RHSA-2016:2060) Important: mariadb-galera security and bug fix update
2016-10-13 05:07:39
(RHSA-2016:2061) Important: mariadb-galera security and bug fix update
2016-10-13 05:07:42
(RHSA-2016:2058) Important: mariadb-galera security update
2016-10-13 05:07:34
slackware
slackware
[slackware-security] mariadb / mysql
2016-09-13 20:15:07
osv
osv
mysql-5.5 - security update
2016-09-16 00:00:00
CVE-2017-15365
2018-01-25 16:29:00
CVE-2020-10996
2020-04-27 13:15:12
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:13:35
debian
debian
[SECURITY] [DLA 624-1] mysql-5.5 security update
2016-09-16 15:37:59
[SECURITY] [DSA 3666-1] mysql-5.5 security update
2016-09-14 15:13:34
[SECURITY] [DSA 3666-1] mysql-5.5 security update
2016-09-14 15:13:34
prion
prion
Design/Logic Flaw
2016-09-20 18:59:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-257-01)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-3078-1)
2016-09-14 00:00:00
Oracle MySQL 'my.conf' Security Bypass Vulnerability - Windows
2016-09-26 00:00:00
suse
suse
Security update for mariadb (important)
2016-09-27 21:12:05
Security update for mariadb (important)
2016-10-04 17:09:01
Security update for mariadb (important)
2016-09-27 19:14:25
cloudfoundry
cloudfoundry
CVE-2016-6662 - Multiple MySQL Vulnerabilities | Cloud Foundry
2016-09-28 00:00:00
cvelist
cvelist
CVE-2016-6662
2016-09-20 18:00:00
nvd
nvd
CVE-2016-6662
2016-09-20 18:59:00
mariadbunix
mariadbunix
CVE-2016-6662
2016-09-20 18:59:00
cve
cve
CVE-2016-6662
2016-09-20 18:59:00
fedora
fedora
[SECURITY] Fedora 24 Update: community-mysql-5.7.15-1.fc24
2016-09-27 03:57:17
[SECURITY] Fedora 23 Update: mariadb-10.0.27-1.fc23
2016-10-03 20:22:41
freebsd
freebsd
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-09-12 00:00:00
mysql -- Remote Root Code Execution
2016-09-12 00:00:00
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-09-12 00:00:00
ibm
ibm
amazon
amazon
Important: mysql55, mysql56
2016-10-12 17:00:00
Important: mysql51
2017-02-22 18:00:00
ubuntucve
ubuntucve
CVE-2016-6662
2016-09-12 00:00:00
ubuntu
ubuntu
MySQL vulnerability
2016-09-13 00:00:00
alpinelinux
alpinelinux
CVE-2016-6662
2016-09-20 18:59:00
zdt
zdt
threatpost
threatpost
Critical MySQL Vulnerability Disclosed
2016-09-12 11:00:58
Critical MySQL Vulnerabilities Can Lead to Server Compromise
2016-11-02 14:02:10
exploitpack
exploitpack
thn
thn
New MySQL Zero Days β Hacking Website Databases
2016-09-12 06:14:00
Why Database Patching Best Practice Just Doesn't Work and How to Fix It
2021-10-18 16:00:00
archlinux
archlinux
mariadb: multiple issues
2016-09-14 00:00:00
exploitdb
exploitdb
checkpoint_advisories
checkpoint_advisories
MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)
2016-09-20 00:00:00
centos
centos
mysql security update
2017-01-26 22:35:43
mariadb security update
2016-11-25 16:00:08
oraclelinux
oraclelinux
mysql security update
2017-01-24 00:00:00
mariadb security and bug fix update
2016-11-09 00:00:00
mariadb security and bug fix update
2017-08-07 00:00:00
seebug
seebug
MySQL <= 5.7.15 remote Root code execution vulnerability
2016-09-13 00:00:00
MySQL / MariaDB / PerconaDB ζζ/ζ‘δ»Άη«δΊζΌζ΄οΌCVE-2016-6663οΌ
2016-11-02 00:00:00
packetstorm
packetstorm
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
2016-09-12 00:00:00
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
2016-11-02 00:00:00
MySQL / MariaDB / PerconaDB Root Privilege Escalation
2016-11-02 00:00:00
gentoo
gentoo
MariaDB and MySQL: Multiple vulnerabilities
2017-01-01 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00