CentOS Linux: CVE-2016-6662: Important: mysql security update (CESA-2017:0184)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Sep 20, 2016 | Jul 1, 2017 | May 25, 2023 |
Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Solution(s)
References
- BID-92912
- DEBIAN-DLA-624-1
- DEBIAN-DSA-3666
- GENTOO-GLSA-201701-01
- NVD-CVE-2016-6662
- REDHAT-RHSA-2016:2058
- REDHAT-RHSA-2016:2059
- REDHAT-RHSA-2016:2060
- REDHAT-RHSA-2016:2061
- REDHAT-RHSA-2016:2062
- REDHAT-RHSA-2016:2077
- REDHAT-RHSA-2016:2130
- REDHAT-RHSA-2016:2131
- REDHAT-RHSA-2016:2595
- REDHAT-RHSA-2016:2749
- REDHAT-RHSA-2016:2927
- REDHAT-RHSA-2016:2928
- REDHAT-RHSA-2017:0184
- SECTRACK-1036769
- UBUNTU-USN-3078-1
