CVE-2016-6664

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-6664
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6664.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-6664
Downstream
Related
Published
2016-12-13T21:59:01.740Z
Modified
2026-06-20T04:00:39.815277976Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

Database specific 
{
    "unresolved_ranges": [
        {
            "vendor_product": "percona:percona_server",
            "cpes": [
                "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "5.6"
                },
                {
                    "fixed": "5.6.32-78.1"
                }
            ]
        },
        {
            "vendor_product": "percona:xtradb_cluster",
            "extracted_events": [
                {
                    "introduced": "5.5"
                },
                {
                    "fixed": "5.5.41-37.0"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git
github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Introduced
5bfe1a3917ee1bddc7f2cde0c88961875148873c
Fixed
c8f0eeb9c8596be83fefb7fef9f9871e53edb020
Introduced
776555af021e917ce0d6235386b43ae59fdd5161
Fixed
5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565
Introduced
c235de12ae3723b96944337bd89ad9cc87f21d8f
Fixed
f7d030489d2980c9deb733925515099ec256f6d2
Database specific 
{
    "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "5.5.0"
        },
        {
            "fixed": "5.5.54"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.29"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.21"
        }
    ]
}

Affected versions

mariadb-10.*
mariadb-10.1.0
mariadb-10.1.10
mariadb-10.1.11
mariadb-10.1.12
mariadb-10.1.13
mariadb-10.1.14
mariadb-10.1.15
mariadb-10.1.16
mariadb-10.1.17
mariadb-10.1.18
mariadb-10.1.19
mariadb-10.1.2
mariadb-10.1.20
mariadb-10.1.3
mariadb-10.1.4
mariadb-10.1.5
mariadb-10.1.6
mariadb-10.1.7
mariadb-10.1.8
mariadb-10.1.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6664.json"
github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
54df0057e18d8c82c23fbd4e0bf5b5dc2e762955
Last affected
7d57772f47e0d69b2e2a7bcd62da59e54f8c8343
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c3a8ca1ed0063d4bca761ac9b57718796242ccc1
Last affected
1020e95bb203bd500ece736163e44a2034beba4d
Database specific 
{
    "cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "5.5.0"
        },
        {
            "last_affected": "5.5.51"
        },
        {
            "introduced": "5.6.0"
        },
        {
            "last_affected": "5.6.32"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "last_affected": "5.7.14"
        }
    ]
}

Affected versions

mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.5.15
mysql-5.5.19
mysql-5.5.23
mysql-5.5.25
mysql-5.5.27
mysql-5.5.44
mysql-5.5.47
mysql-5.5.49
mysql-5.5.51
mysql-5.6.32
mysql-5.7.14

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6664.json"
github.com/percona/percona-server

Affected ranges

Type
GIT
Repo
https://github.com/percona/percona-server
Events
Introduced
ba312212c98fb993434cc7420950102ecca7793d
Fixed
6a9ff9a10b3ba41710a735cbff0f1d89d0dc0219
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4c779b72b4804ad04266bf8abc9e787034698a20
Fixed
1f84ccd54525a4a513a12a2884f12a7d31a85867
Database specific 
{
    "cpe": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "5.5"
        },
        {
            "fixed": "5.5.51-38.2"
        },
        {
            "introduced": "5.6"
        },
        {
            "fixed": "5.6.32-78.1"
        },
        {
            "introduced": "5.7"
        },
        {
            "fixed": "5.7.14-8"
        }
    ]
}

Affected versions

Percona-Server-5.*
Percona-Server-5.5.34-32.0
Percona-Server-5.5.35-33.0
Percona-Server-5.5.51-38.1
Percona-Server-5.6.14-62.0
Percona-Server-5.6.15-63.0
Percona-Server-5.6.22-72.0
Percona-Server-5.6.32-78.0
Percona-Server-5.6.5-60.0
Percona-Server-5.7.14-7
clone-5.*
clone-5.1.0-build
clone-5.1.31-pv-0.2.0-build
clone-5.1.4-build
clone-5.4.0-build
clone-5.6.3-m5-build
clone-5.6.3-m6-build
last-PS-5.*
last-PS-5.5-as-patches
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql_4.*
mysql_4.0
mysqlsummit-0.*
mysqlsummit-0.2.0
mysqlsummit-0.2.0-build
mysqlsummit-0.2.1
mysqlsummit-0.2.1-build
Other
pre-null-merge

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6664.json"
github.com/percona/percona-xtradb-cluster

Affected ranges

Type
GIT
Repo
https://github.com/percona/percona-xtradb-cluster
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0ca1798609a5b29b30da520de96dfa7a7f8afaac
Fixed
6a03453bccf54324059a4d6beb39f2d735c37ad6
Database specific 
{
    "cpe": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "5.6"
        },
        {
            "fixed": "5.6.32-25.17"
        },
        {
            "introduced": "5.7"
        },
        {
            "fixed": "5.7.14-26.17"
        }
    ]
}

Affected versions

Percona-Server-5.*
Percona-Server-5.6.5-60.0
Percona-XtraDB-Cluster-5.*
Percona-XtraDB-Cluster-5.6.14-25.1
Percona-XtraDB-Cluster-5.6.15-25.2
Percona-XtraDB-Cluster-5.6.15-25.3
Percona-XtraDB-Cluster-5.6.15-25.4
Percona-XtraDB-Cluster-5.6.15-25.5
Percona-XtraDB-Cluster-5.6.19-25.6
Percona-XtraDB-Cluster-5.6.20-25.7
Percona-XtraDB-Cluster-5.6.24-25.11
last-PS-5.*
last-PS-5.5-as-patches
Other
pre-null-merge
pxc_5.*
pxc_5.6.25-25.12-3.12

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6664.json"