CVE-2016-6664

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.51 and earlier, 5.6.32 and earlier, 5.7.14 and earlier MariaDB (affected versions not specified) Percona Server versions 5.5.51-38.2 and earlier, 5.6.32-78.1 and earlier, 5.7.14-8 and earlier Percona XtraDB Cluster versions 5.5.41-37.0 and earlier, 5.6.32-25.17 and earlier, 5.7.14-26.17 and earlier

Description The issue allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files when using file-based logging. It can also be exploited by a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash of the MySQL Server.

Recommendations For Oracle MySQL versions 5.5.51 and earlier, 5.6.32 and earlier, 5.7.14 and earlier, update to a version later than the affected ones. For MariaDB, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Percona Server versions 5.5.51-38.2 and earlier, 5.6.32-78.1 and earlier, 5.7.14-8 and earlier, update to a version later than the affected ones. For Percona XtraDB Cluster versions 5.5.41-37.0 and earlier, 5.6.32-25.17 and earlier, 5.7.14-26.17 and earlier, update to a version later than the affected ones. As a temporary workaround, consider disabling file-based logging until a patch is available. Restrict access to the mysql account to minimize the risk of exploitation.