CVE-2016-6662
Vexday Risk Score
35 (Attention)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS: — | EPSS: 67.7% | KEV: no | PoC: public | Nuclei: — | Metasploit: — | Patch: referenced
Lifecycle
12 Sep 2016: Public PoC
20 Sep 2016: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Who exploits it — 46
Groups known to exploit this vulnerability (MITRE ATT&CK attribution).
APT / State: Agrius (Iran)
APT / State: APT28 (Russia)
APT / State: APT29 (Russia)
APT / State: APT39 (Iran)
APT / State: APT41 (China)
APT / State: APT5 (China)
APT / State: Axiom (China)
APT / State: BackdoorDiplomacy
APT / State: BlackByte
APT / State: BlackTech (China)
APT / State: Blue Mockingbird
APT / State: Cinnamon Tempest (China)
APT / State: Dragonfly (Russia)
APT / State: Earth Lusca (China)
APT / State: Ember Bear (Russia)
APT / State: FIN13
APT / State: FIN7
APT / State: Fox Kitten (Iran)
APT / State: GALLIUM (China)
APT / State: GOLD SOUTHFIELD
APT / State: HAFNIUM (China)
APT / State: INC Ransom
APT / State: Ke3chang (China)
APT / State: Kimsuky (North Korea)
APT / State: Leviathan (China)
APT / State: Magic Hound (Iran)
APT / State: Medusa Group
APT / State: menuPass (China)
APT / State: MirrorFace (China)
APT / State: Moses Staff (Iran)
APT / State: MuddyWater (Iran)
APT / State: Play
APT / State: Rocke (China)
APT / State: Salt Typhoon (China)
APT / State: Sandworm Team (Russia)
APT / State: Sea Turtle
APT / State: Storm-0501
APT / State: Threat Group-3390 (China)
APT / State: ToddyCat
APT / State: Tonto Team (China)
APT / State: UNC3886 (China)
APT / State: VOID MANTICORE (Iran)
APT / State: Volatile Cedar
APT / State: Volt Typhoon (China)
APT / State: Winter Vivern (Russia)
APT / State: Wizard Spider (Russia)
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Affected products
n/a · n/a
Public PoCs found — 8
github: github.com/MAYASEVEN/CVE-2016-6662 (★ 29)
github: github.com/Ashrafdev/MySQL-Remote-Root-Code-Execution (★ 9)
github: github.com/meersjo/ansible-mysql-cve-2016-6662 (★ 1)
github: github.com/boompig/cve-2016-6662 (★ 1)
github: github.com/konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch (★ 0)
github: github.com/KosukeShimofuji/CVE-2016-6662 (★ 0)
exploitdb: www.exploit-db.com/exploits/40360 (unverified)
cve_reference: www.exploit-db.com/exploits/40360/ (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
http://rhn.redhat.com/errata/RHSA-2016-2058.html
http://rhn.redhat.com/errata/RHSA-2016-2059.html
http://rhn.redhat.com/errata/RHSA-2016-2060.html
http://rhn.redhat.com/errata/RHSA-2016-2061.html
http://rhn.redhat.com/errata/RHSA-2016-2062.html
http://rhn.redhat.com/errata/RHSA-2016-2077.html
http://rhn.redhat.com/errata/RHSA-2016-2130.html
http://rhn.redhat.com/errata/RHSA-2016-2131.html
http://rhn.redhat.com/errata/RHSA-2016-2595.html
http://rhn.redhat.com/errata/RHSA-2016-2749.html
http://rhn.redhat.com/errata/RHSA-2016-2927.html