vulnerability

Oracle Linux: CVE-2016-6663: ELSA-2016-2595: mariadb security and bug fix update (IMPORTANT) (Multiple Advisories)

Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
Sep 12, 2016
Added
Dec 13, 2016
Modified
Jan 7, 2025

Description

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user.

Solution(s)

oracle-linux-upgrade-mariadboracle-linux-upgrade-mariadb-benchoracle-linux-upgrade-mariadb-develoracle-linux-upgrade-mariadb-embeddedoracle-linux-upgrade-mariadb-embedded-develoracle-linux-upgrade-mariadb-libsoracle-linux-upgrade-mariadb-serveroracle-linux-upgrade-mariadb-testoracle-linux-upgrade-mysqloracle-linux-upgrade-mysql-benchoracle-linux-upgrade-mysql-develoracle-linux-upgrade-mysql-embeddedoracle-linux-upgrade-mysql-embedded-develoracle-linux-upgrade-mysql-libsoracle-linux-upgrade-mysql-serveroracle-linux-upgrade-mysql-test
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.