CVE-2016-6663 and CVE-2016-6664 MariaDB Root Privilege Escalation
MariaDB, MySQL, and Percona
- 10.1.17 and previous
- Percona Server
- Percona XtraDB Cluster
MySQL-based databases, including MySQL, MariaDB and PerconaDB, are affected by a privilege escalation vulnerability that can let attackers who have gained access to the mysql system user further escalate their privileges to the root user, allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.
Severity is medium unless otherwise noted.
- Any ERT 1.6.x versions before ERT 1.6.53
- Any p-mysql 1.7.x versions before p-mysql 1.7.19
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- p-mysql: 1.7.18
- PCF Elastic Runtime: 1.6.53