1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
Candidate: CVE-2016-6664
PublicDate: 2016-12-13
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664
http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
Description:
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x
through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before
5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before
5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when
using file-based logging, allows local users with access to the mysql
account to gain root privileges via a symlink attack on error logs and
possibly other files.
Ubuntu-Description:
Notes:
mdeslaur> This is a dupe of CVE-2016-5617
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842895
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841049
Priority: medium
Discovered-by: Dawid Golunski
Assigned-to:
Patches_mariadb-10.0:
upstream_mariadb-10.0: released (10.0.29)
precise_mariadb-10.0: DNE
trusty_mariadb-10.0: DNE
vivid/ubuntu-core_mariadb-10.0: DNE
vivid/stable-phone-overlay_mariadb-10.0: DNE
xenial_mariadb-10.0: released (10.0.29-0ubuntu0.16.04.1)
yakkety_mariadb-10.0: released (10.0.29-0ubuntu0.16.10.1)
devel_mariadb-10.0: DNE
Patches_mysql-5.5:
upstream_mysql-5.5: released (5.5.52)
precise_mysql-5.5: released (5.5.52-0ubuntu0.12.04.1)
trusty_mysql-5.5: released (5.5.52-0ubuntu0.14.04.1)
vivid_mysql-5.5: DNE
vivid/ubuntu-core_mysql-5.5: DNE
vivid/stable-phone-overlay_mysql-5.5: DNE
xenial_mysql-5.5: DNE
yakkety_mysql-5.5: DNE
devel_mysql-5.5: DNE
Patches_mysql-5.6:
upstream_mysql-5.6: released (5.6.33)
precise_mysql-5.6: DNE
trusty_mysql-5.6: not-affected (5.6.33-0ubuntu0.14.04.1)
vivid/ubuntu-core_mysql-5.6: DNE
vivid/stable-phone-overlay_mysql-5.6: DNE
xenial_mysql-5.6: DNE
yakkety_mysql-5.6: DNE
devel_mysql-5.6: DNE
Patches_mysql-5.7:
upstream_mysql-5.7: released (5.7.15)
precise_mysql-5.7: DNE
trusty_mysql-5.7: DNE
vivid/ubuntu-core_mysql-5.7: DNE
vivid/stable-phone-overlay_mysql-5.7: DNE
xenial_mysql-5.7: not-affected (5.7.15-0ubuntu0.16.04.1)
yakkety_mysql-5.7: not-affected (5.7.15-0ubuntu2)
devel_mysql-5.7: not-affected (5.7.15-0ubuntu2)
|