VDB

CVE-2016-6664

CVE-2016-6664 PUBLISHED

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

EPSS 62.12% · 98.4th percentile

Risk Scores

EPSS Score
62.12%
98.4th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSmariadb-10.00, 10.0.20-0ubuntu0.15.04.1, 10.0.22-0ubuntu1
Ubuntu:14.04:LTSmysql-5.50, 5.5.34-0ubuntu2, 5.5.35-0ubuntu1

Exploit Intelligence

…and 55 more exploits

Timeline

  • Sep 12, 2016 PoC Published
  • Nov 2, 2016 PoC Published
  • Nov 3, 2016 CVE Published
  • Feb 4, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Sep 7, 2023 EPSS Score
  • Oct 29, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›