Search for vulnerabilities
Vulnerability details: VCID-y32y-72qf-aaad
Vulnerability ID VCID-y32y-72qf-aaad
Aliases CVE-2016-6664
Summary mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-59 Improper Link Resolution Before File Access ('Link Following')
System Score Found at
generic_textual Medium http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6664.html
rhas Important https://access.redhat.com/errata/RHSA-2016:2130
rhas Important https://access.redhat.com/errata/RHSA-2016:2749
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6664.json
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.11756 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.21402 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.21402 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.21402 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.21402 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44365 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.44687 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.47351 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
epss 0.49767 https://api.first.org/data/v1/epss?cve=CVE-2016-6664
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1386564
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3238
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3243
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3244
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3257
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3258
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3265
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3291
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3312
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3317
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3318
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2016-6664
cvssv3 7.0 https://nvd.nist.gov/vuln/detail/CVE-2016-6664
cvssv3.1 7.0 https://nvd.nist.gov/vuln/detail/CVE-2016-6664
cvssv3.1 8.1 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
generic_textual Medium http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
Reference id Reference type URL
http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6664.html
http://rhn.redhat.com/errata/RHSA-2016-2130.html
http://rhn.redhat.com/errata/RHSA-2016-2749.html
https://access.redhat.com/errata/RHSA-2017:2192
https://access.redhat.com/errata/RHSA-2018:0279
https://access.redhat.com/errata/RHSA-2018:0574
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6664.json
https://api.first.org/data/v1/epss?cve=CVE-2016-6664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3318
http://seclists.org/fulldisclosure/2016/Nov/4
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201702-18
https://www.exploit-db.com/exploits/40679/
https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/
http://www.debian.org/security/2017/dsa-3770
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
http://www.securityfocus.com/archive/1/539695/100/0/threaded
http://www.securityfocus.com/bid/93612
1386564 https://bugzilla.redhat.com/show_bug.cgi?id=1386564
841049 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841049
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*
CVE-2016-6664 https://nvd.nist.gov/vuln/detail/CVE-2016-6664
CVE-2016-6664;CVE-2016-5617 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40679.sh
CVE-2016-6664;CVE-2016-5617 Exploit https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
RHSA-2016:2130 https://access.redhat.com/errata/RHSA-2016:2130
RHSA-2016:2749 https://access.redhat.com/errata/RHSA-2016:2749
Data source Exploit-DB
Date added Nov. 1, 2016
Description MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation
Ransomware campaign use Unknown
Source publication date Nov. 1, 2016
Exploit type local
Platform linux
Source update date Jan. 30, 2017
Source URL https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6664.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6664
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6664
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6664
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95461
EPSS Score 0.11756
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.