Bug 1008253 - (CVE-2016-6664) VUL-0: CVE-2016-6664: mariadb,mysql: Root Privilege Escalation
(CVE-2016-6664)
VUL-0: CVE-2016-6664: mariadb,mysql: Root Privilege Escalation
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/174337/
CVSSv2:SUSE:CVE-2016-6664:6.8:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-03 08:19 UTC by Alexander Bergmann
Modified: 2022-05-31 12:26 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-11-03 08:19:04 UTC
CVE-2016-6664

https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html

=============================================
- Release date: 01.11.2016
- Discovered by: Dawid Golunski
- Severity: High/Critical
- CVE-2016-6664 / OCVE-2016-5617
- http://legalhackers.com
=============================================

I. VULNERABILITY
-------------------------

MySQL / MariaDB / PerconaDB   -   Root Privilege Escalation

MySQL  
	<= 5.5.51
	<= 5.6.32
	<= 5.7.14

MariaDB
	All current

Percona Server
	< 5.5.51-38.2
	< 5.6.32-78-1
	< 5.7.14-8

Percona XtraDB Cluster
	< 5.6.32-25.17
	< 5.7.14-26.17
	< 5.5.41-37.0

References:
CVE-2016-5617: bsc#1005563
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6664
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6664.html
Comment 2 Alexander Bergmann 2016-11-03 15:03:31 UTC
MariaDB Statement:

"It’s important to note that CVE-2016-6664 is NOT exploitable by itself. Shell access must first be obtained through a vulnerability like CVE-2016-6663. Because CVE-2016-6663 has been fixed and is no longer exploitable, we’ve determined that CVE-2016-6664 is not critical on it’s own and doesn’t warrant an immediate fix to be released. A fix will be included in the next upcoming maintenance releases of MariaDB Server 5.5, 10.0 and 10.1."
Comment 3 Swamp Workflow Management 2016-11-03 23:01:40 UTC
bugbot adjusting priority
Comment 4 Marcus Meissner 2016-12-01 10:03:04 UTC
(still open for mariadb, but not urgent)
Comment 7 Swamp Workflow Management 2017-02-07 17:09:07 UTC
SUSE-SU-2017:0411-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1008253,1020868,1020873,1020875,1020877,1020878,1020882,1020884,1020885,1020891,1020894,1020896,1022428
CVE References: CVE-2016-6664,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3317,CVE-2017-3318
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    mariadb-10.0.29-20.23.1
SUSE Linux Enterprise Server 12-LTSS (src):    mariadb-10.0.29-20.23.1
Comment 8 Swamp Workflow Management 2017-02-07 17:11:43 UTC
SUSE-SU-2017:0412-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1008253,1020868,1020873,1020875,1020877,1020878,1020882,1020884,1020885,1020891,1020894,1020896,1022428
CVE References: CVE-2016-6664,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3317,CVE-2017-3318
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Server 12-SP2 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Server 12-SP1 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    mariadb-10.0.29-22.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    mariadb-10.0.29-22.1
Comment 9 Kristyna Streitova 2017-02-09 12:51:00 UTC
mysql
-----
It was already fixed within the previous update.


mariadb
-------
|       Codestream       |        Request         |
|------------------------|------------------------|
| SUSE:SLE-12:Update     | #127527                |
| SUSE:SLE-12-SP1:Update | #127361                |
| openSUSE:Leap:42.1     | using sources from SLE |
| openSUSE:Leap:42.2     | using sources from SLE |
| openSUSE:Factory       | #455745                |


All done here. I'm reassigning it back to the security-team.
Comment 10 Andreas Stieger 2017-02-16 20:50:11 UTC
done
Comment 11 Andreas Stieger 2017-02-16 20:50:25 UTC
seems all done
Comment 12 Swamp Workflow Management 2017-02-17 03:16:34 UTC
openSUSE-SU-2017:0486-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1008253,1020868,1020873,1020875,1020877,1020878,1020882,1020884,1020885,1020891,1020894,1020896,1022428
CVE References: CVE-2016-6664,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3317,CVE-2017-3318
Sources used:
openSUSE Leap 42.2 (src):    mariadb-10.0.29-18.1
openSUSE Leap 42.1 (src):    mariadb-10.0.29-18.1