CVE-2016-6662

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier MariaDB versions prior to 5.5.51, 10.0.x prior to 10.0.27, and 10.1.x prior to 10.1.17 Percona Server versions prior to 5.5.51-38.1, 5.6.x prior to 5.6.32-78.0, and 5.7.x prior to 5.7.14-7

Description The issue allows local users to create arbitrary configurations and bypass certain protection mechanisms by setting general log file to a my.cnf configuration. This can be leveraged to execute arbitrary code with root privileges by setting malloc lib. The vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server.

Recommendations For Oracle MySQL versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier, consider disabling the general log file setting to prevent exploitation until a patch is available. For MariaDB versions prior to 5.5.51, 10.0.x prior to 10.0.27, and 10.1.x prior to 10.1.17, restrict access to the my.cnf configuration file to minimize the risk of exploitation. For Percona Server versions prior to 5.5.51-38.1, 5.6.x prior to 5.6.32-78.0, and 5.7.x prior to 5.7.14-7, avoid using the malloc lib setting in the my.cnf configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.