CVE-2016-6663 and CVE-2016-6664 MariaDB Root Privilege Escalation
Severity
Medium
Vendor
MariaDB, MySQL, and Percona
Versions Affected
- MySQL
  - 5.5.51
  - 5.6.32
  - 5.7.14
- MariaDB
  - 10.1.17 and previous
- Percona Server
  - 5.5.51-38.2
  - 5.6.32-78-1
  - 5.7.14-8
- Percona XtraDB Cluster
  - 5.6.32-25.17
  - 5.7.14-26.17
  - 5.5.41-37.0
Description
MySQL-based databases, including MySQL, MariaDB and PerconaDB, are affected by a privilege escalation vulnerability that lets attackers who have gained access to the mysql system user escalate their privileges to root, allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Any ERT 1.6.x versions before ERT 1.6.53
- Any p-mysql 1.7.x versions before p-mysql 1.7.19
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - p-mysql: 1.7.18
  - PCF Elastic Runtime: 1.6.53
Credit
Dawid Golunski