cpe:/a:mariadb:mariadb:5.5.20 cpe:/a:mariadb:mariadb:5.5.21 cpe:/a:mariadb:mariadb:5.5.22 cpe:/a:mariadb:mariadb:5.5.23 cpe:/a:mariadb:mariadb:5.5.24 cpe:/a:mariadb:mariadb:5.5.25 cpe:/a:mariadb:mariadb:5.5.27 cpe:/a:mariadb:mariadb:5.5.28 cpe:/a:mariadb:mariadb:5.5.28a cpe:/a:mariadb:mariadb:5.5.33 cpe:/a:mariadb:mariadb:5.5.33:a cpe:/a:mariadb:mariadb:5.5.34 cpe:/a:mariadb:mariadb:5.5.35 cpe:/a:mariadb:mariadb:5.5.40 cpe:/a:mariadb:mariadb:5.5.43 cpe:/a:mariadb:mariadb:5.5.46 cpe:/a:mariadb:mariadb:5.5.47 cpe:/a:mariadb:mariadb:5.5.48 cpe:/a:mariadb:mariadb:5.5.49 cpe:/a:mariadb:mariadb:5.5.50 cpe:/a:mariadb:mariadb:10.0.0 cpe:/a:mariadb:mariadb:10.0.1 cpe:/a:mariadb:mariadb:10.0.2 cpe:/a:mariadb:mariadb:10.0.3 cpe:/a:mariadb:mariadb:10.0.4 cpe:/a:mariadb:mariadb:10.0.5 cpe:/a:mariadb:mariadb:10.0.6 cpe:/a:mariadb:mariadb:10.0.7 cpe:/a:mariadb:mariadb:10.0.8 cpe:/a:mariadb:mariadb:10.0.9 cpe:/a:mariadb:mariadb:10.0.10 cpe:/a:mariadb:mariadb:10.0.11 cpe:/a:mariadb:mariadb:10.0.12 cpe:/a:mariadb:mariadb:10.0.13 cpe:/a:mariadb:mariadb:10.0.14 cpe:/a:mariadb:mariadb:10.0.15 cpe:/a:mariadb:mariadb:10.0.16 cpe:/a:mariadb:mariadb:10.0.17 cpe:/a:mariadb:mariadb:10.0.18 cpe:/a:mariadb:mariadb:10.0.19 cpe:/a:mariadb:mariadb:10.0.20 cpe:/a:mariadb:mariadb:10.0.21 cpe:/a:mariadb:mariadb:10.0.22 cpe:/a:mariadb:mariadb:10.0.23 cpe:/a:mariadb:mariadb:10.0.24 cpe:/a:mariadb:mariadb:10.0.25 cpe:/a:mariadb:mariadb:10.0.26 cpe:/a:mariadb:mariadb:10.1.0 cpe:/a:mariadb:mariadb:10.1.1 cpe:/a:mariadb:mariadb:10.1.2 cpe:/a:mariadb:mariadb:10.1.3 cpe:/a:mariadb:mariadb:10.1.4 cpe:/a:mariadb:mariadb:10.1.5 cpe:/a:mariadb:mariadb:10.1.6 cpe:/a:mariadb:mariadb:10.1.7 cpe:/a:mariadb:mariadb:10.1.8 cpe:/a:mariadb:mariadb:10.1.9 cpe:/a:mariadb:mariadb:10.1.10 cpe:/a:mariadb:mariadb:10.1.11 cpe:/a:mariadb:mariadb:10.1.12 cpe:/a:mariadb:mariadb:10.1.13 cpe:/a:mariadb:mariadb:10.1.14 cpe:/a:mariadb:mariadb:10.1.15 cpe:/a:mariadb:mariadb:10.1.16 cpe:/a:oracle:mysql:5.5.0 cpe:/a:oracle:mysql:5.5.1 cpe:/a:oracle:mysql:5.5.2 cpe:/a:oracle:mysql:5.5.3 cpe:/a:oracle:mysql:5.5.4 cpe:/a:oracle:mysql:5.5.5 cpe:/a:oracle:mysql:5.5.6 cpe:/a:oracle:mysql:5.5.7 cpe:/a:oracle:mysql:5.5.8 cpe:/a:oracle:mysql:5.5.9 cpe:/a:oracle:mysql:5.5.10 cpe:/a:oracle:mysql:5.5.11 cpe:/a:oracle:mysql:5.5.12 cpe:/a:oracle:mysql:5.5.13 cpe:/a:oracle:mysql:5.5.14 cpe:/a:oracle:mysql:5.5.15 cpe:/a:oracle:mysql:5.5.16 cpe:/a:oracle:mysql:5.5.17 cpe:/a:oracle:mysql:5.5.18 cpe:/a:oracle:mysql:5.5.19 cpe:/a:oracle:mysql:5.5.20 cpe:/a:oracle:mysql:5.5.21 cpe:/a:oracle:mysql:5.5.22 cpe:/a:oracle:mysql:5.5.23 cpe:/a:oracle:mysql:5.5.24 cpe:/a:oracle:mysql:5.5.25 cpe:/a:oracle:mysql:5.5.25:a cpe:/a:oracle:mysql:5.5.26 cpe:/a:oracle:mysql:5.5.27 cpe:/a:oracle:mysql:5.5.28 cpe:/a:oracle:mysql:5.5.29 cpe:/a:oracle:mysql:5.5.30 cpe:/a:oracle:mysql:5.5.31 cpe:/a:oracle:mysql:5.5.32 cpe:/a:oracle:mysql:5.5.33 cpe:/a:oracle:mysql:5.5.34 cpe:/a:oracle:mysql:5.5.35 cpe:/a:oracle:mysql:5.5.36 cpe:/a:oracle:mysql:5.5.37 cpe:/a:oracle:mysql:5.5.38 cpe:/a:oracle:mysql:5.5.39 cpe:/a:oracle:mysql:5.5.40 cpe:/a:oracle:mysql:5.5.41 cpe:/a:oracle:mysql:5.5.42 cpe:/a:oracle:mysql:5.5.43 cpe:/a:oracle:mysql:5.5.44 cpe:/a:oracle:mysql:5.5.45 cpe:/a:oracle:mysql:5.5.46 cpe:/a:oracle:mysql:5.5.47 cpe:/a:oracle:mysql:5.5.48 cpe:/a:oracle:mysql:5.5.49 cpe:/a:oracle:mysql:5.5.50 cpe:/a:oracle:mysql:5.5.51 cpe:/a:oracle:mysql:5.5.52 cpe:/a:oracle:mysql:5.6.0 cpe:/a:oracle:mysql:5.6.0::~~enterprise~~~ cpe:/a:oracle:mysql:5.6.1 cpe:/a:oracle:mysql:5.6.2 cpe:/a:oracle:mysql:5.6.3 cpe:/a:oracle:mysql:5.6.4 cpe:/a:oracle:mysql:5.6.5 cpe:/a:oracle:mysql:5.6.6 cpe:/a:oracle:mysql:5.6.7 cpe:/a:oracle:mysql:5.6.8 cpe:/a:oracle:mysql:5.6.9 cpe:/a:oracle:mysql:5.6.10 cpe:/a:oracle:mysql:5.6.11 cpe:/a:oracle:mysql:5.6.12 cpe:/a:oracle:mysql:5.6.13 cpe:/a:oracle:mysql:5.6.14 cpe:/a:oracle:mysql:5.6.15 cpe:/a:oracle:mysql:5.6.16 cpe:/a:oracle:mysql:5.6.17 cpe:/a:oracle:mysql:5.6.18 cpe:/a:oracle:mysql:5.6.19 cpe:/a:oracle:mysql:5.6.20 cpe:/a:oracle:mysql:5.6.21 cpe:/a:oracle:mysql:5.6.22 cpe:/a:oracle:mysql:5.6.23 cpe:/a:oracle:mysql:5.6.24 cpe:/a:oracle:mysql:5.6.25 cpe:/a:oracle:mysql:5.6.26 cpe:/a:oracle:mysql:5.6.27 cpe:/a:oracle:mysql:5.6.28 cpe:/a:oracle:mysql:5.6.29 cpe:/a:oracle:mysql:5.6.30 cpe:/a:oracle:mysql:5.6.31 cpe:/a:oracle:mysql:5.6.32 cpe:/a:oracle:mysql:5.6.33 cpe:/a:oracle:mysql:5.7.0 cpe:/a:oracle:mysql:5.7.0::~~community~~~ cpe:/a:oracle:mysql:5.7.0::~~enterprise~~~ cpe:/a:oracle:mysql:5.7.1 cpe:/a:oracle:mysql:5.7.2 cpe:/a:oracle:mysql:5.7.3 cpe:/a:oracle:mysql:5.7.4 cpe:/a:oracle:mysql:5.7.5 cpe:/a:oracle:mysql:5.7.6 cpe:/a:oracle:mysql:5.7.7 cpe:/a:oracle:mysql:5.7.8 cpe:/a:oracle:mysql:5.7.9 cpe:/a:oracle:mysql:5.7.10 cpe:/a:oracle:mysql:5.7.11 cpe:/a:oracle:mysql:5.7.12 cpe:/a:oracle:mysql:5.7.13 cpe:/a:oracle:mysql:5.7.14 cpe:/a:oracle:mysql:5.7.15 cpe:/a:percona:percona_server:5.5 cpe:/a:percona:percona_server:5.5.7:rc cpe:/a:percona:percona_server:5.5.8-20 cpe:/a:percona:percona_server:5.5.9-20.1 cpe:/a:percona:percona_server:5.5.10-20.1 cpe:/a:percona:percona_server:5.5.11-20.2 cpe:/a:percona:percona_server:5.5.12-20.3 cpe:/a:percona:percona_server:5.5.13-20.4 cpe:/a:percona:percona_server:5.5.14-20.5 cpe:/a:percona:percona_server:5.5.15-21.0 cpe:/a:percona:percona_server:5.5.16-22.0 cpe:/a:percona:percona_server:5.5.18-23.0 cpe:/a:percona:percona_server:5.5.19-24.0 cpe:/a:percona:percona_server:5.5.20-24.1 cpe:/a:percona:percona_server:5.5.21-25.0 cpe:/a:percona:percona_server:5.5.21-25.1 cpe:/a:percona:percona_server:5.5.22-25.2 cpe:/a:percona:percona_server:5.5.23-25.3 cpe:/a:percona:percona_server:5.5.24-26.0 cpe:/a:percona:percona_server:5.5.25a-27.1 cpe:/a:percona:percona_server:5.5.27-28.0 cpe:/a:percona:percona_server:5.5.27-28.1 cpe:/a:percona:percona_server:5.5.27-29.0 cpe:/a:percona:percona_server:5.5.28-29.1 cpe:/a:percona:percona_server:5.5.28-29.2 cpe:/a:percona:percona_server:5.5.28-29.3 cpe:/a:percona:percona_server:5.5.28-29.4 cpe:/a:percona:percona_server:5.5.29-30.0 cpe:/a:percona:percona_server:5.5.30-30.1 cpe:/a:percona:percona_server:5.5.30-30.2 cpe:/a:percona:percona_server:5.5.31-30.3 cpe:/a:percona:percona_server:5.5.32-31.0 cpe:/a:percona:percona_server:5.5.33-31.1 cpe:/a:percona:percona_server:5.5.34-32.0 cpe:/a:percona:percona_server:5.5.35-33.0 cpe:/a:percona:percona_server:5.5.36-34.0 cpe:/a:percona:percona_server:5.5.36-34.1 cpe:/a:percona:percona_server:5.5.36-34.2 cpe:/a:percona:percona_server:5.5.37-35.0 cpe:/a:percona:percona_server:5.5.37-35.1 cpe:/a:percona:percona_server:5.5.38-35.2 cpe:/a:percona:percona_server:5.5.39-36.0 cpe:/a:percona:percona_server:5.5.40-36.1 cpe:/a:percona:percona_server:5.5.41-37.0 cpe:/a:percona:percona_server:5.5.42-37.1 cpe:/a:percona:percona_server:5.5.43-37.2 cpe:/a:percona:percona_server:5.5.44-37.3 cpe:/a:percona:percona_server:5.5.45-37.4 cpe:/a:percona:percona_server:5.5.46-37.5 cpe:/a:percona:percona_server:5.5.46-37.6 cpe:/a:percona:percona_server:5.5.47-37.7 cpe:/a:percona:percona_server:5.5.48-37.8 cpe:/a:percona:percona_server:5.5.49-37.9 cpe:/a:percona:percona_server:5.5.50-38.0 cpe:/a:percona:percona_server:5.6 cpe:/a:percona:percona_server:5.6.5-60.0 cpe:/a:percona:percona_server:5.6.6-60.1 cpe:/a:percona:percona_server:5.6.10-60.2 cpe:/a:percona:percona_server:5.6.11-60.3 cpe:/a:percona:percona_server:5.6.12-60.4 cpe:/a:percona:percona_server:5.6.13-60.5 cpe:/a:percona:percona_server:5.6.13-60.6 cpe:/a:percona:percona_server:5.6.13-61.0 cpe:/a:percona:percona_server:5.6.14-62.0 cpe:/a:percona:percona_server:5.6.15-63.0 cpe:/a:percona:percona_server:5.6.16-64.0 cpe:/a:percona:percona_server:5.6.16-64.1 cpe:/a:percona:percona_server:5.6.16-64.2 cpe:/a:percona:percona_server:5.6.17-65.0 cpe:/a:percona:percona_server:5.6.17-66.0 cpe:/a:percona:percona_server:5.6.19-67.0 cpe:/a:percona:percona_server:5.6.20-68.0 cpe:/a:percona:percona_server:5.6.21-69.0 cpe:/a:percona:percona_server:5.6.21-70.0 cpe:/a:percona:percona_server:5.6.21-70.1 cpe:/a:percona:percona_server:5.6.22-71.0 cpe:/a:percona:percona_server:5.6.22-72.0 cpe:/a:percona:percona_server:5.6.23-72.1 cpe:/a:percona:percona_server:5.6.24-72.2 cpe:/a:percona:percona_server:5.6.25-73.0 cpe:/a:percona:percona_server:5.6.25-73.1 cpe:/a:percona:percona_server:5.6.26-74.0 cpe:/a:percona:percona_server:5.6.27-75.0 cpe:/a:percona:percona_server:5.6.27-76.0 cpe:/a:percona:percona_server:5.6.28-76.1 cpe:/a:percona:percona_server:5.6.29-76.2 cpe:/a:percona:percona_server:5.6.30-76.3 cpe:/a:percona:percona_server:5.6.31-77.0 cpe:/a:percona:percona_server:5.7 cpe:/a:percona:percona_server:5.7.10-1 cpe:/a:percona:percona_server:5.7.10-1:rc1 cpe:/a:percona:percona_server:5.7.10-2 cpe:/a:percona:percona_server:5.7.10-2:rc2 cpe:/a:percona:percona_server:5.7.10-3 cpe:/a:percona:percona_server:5.7.11-4 cpe:/a:percona:percona_server:5.7.12-5 cpe:/a:percona:percona_server:5.7.13-6 cpe:/a:redhat:openstack:5.0 cpe:/a:redhat:openstack:6.0 cpe:/a:redhat:openstack:7.0 cpe:/a:redhat:openstack:8.0 cpe:/a:redhat:openstack:9.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:redhat:enterprise_linux:7.0 cpe:/o:redhat:enterprise_linux_desktop:6.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:6.0 cpe:/o:redhat:enterprise_linux_server_aus:7.3 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.3 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.3 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:6.0 cpe:/o:redhat:enterprise_linux_workstation:7.0 CVE-2016-6662 2016-09-20T14:59:00.127-04:00 2019-06-03T13:41:53.987-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2019-06-03T13:28:01.493-04:00 SECTRACK 1036769 FULLDISC 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) EXPLOIT-DB 40360 BID 92912 DEBIAN DSA-3666 GENTOO GLSA-201701-01 REDHAT RHSA-2016:2058 REDHAT RHSA-2016:2059 REDHAT RHSA-2016:2060 REDHAT RHSA-2016:2061 REDHAT RHSA-2016:2062 REDHAT RHSA-2016:2077 REDHAT RHSA-2016:2130 REDHAT RHSA-2016:2131 REDHAT RHSA-2016:2595 REDHAT RHSA-2016:2749 REDHAT RHSA-2016:2927 REDHAT RHSA-2016:2928 REDHAT RHSA-2017:0184 MLIST [oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) MISC http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html CONFIRM https://jira.mariadb.org/browse/MDEV-10465 CONFIRM https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ CONFIRM https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ CONFIRM https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ CONFIRM https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.