CVE-2016-6663 and CVE-2016-6664 MariaDB Root Privilege Escalation




MariaDB, MySQL, and Percona

Versions Affected
  • MySQL
    • 5.5.51
    • 5.6.32
    • 5.7.14
  • MariaDB
    • 10.1.17 and previous
  • Percona Server
    • 5.5.51-38.2
    • 5.6.32-78-1
    • 5.7.14-8
  • Percona XtraDB Cluster
    • 5.6.32-25.17
    • 5.7.14-26.17
    • 5.5.41-37.0

MySQL-based databases, including MySQL, MariaDB and PerconaDB, are affected by a privilege escalation vulnerability that can let attackers who have gained access to the mysql system user escalate their privileges to root, allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.
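As a hardening check for this class of unsafe log-file handling, the following added example (not code from this advisory or from the MySQL, MariaDB or Percona projects) audits a log path before a privileged process writes to it and shows a safer way to open it. The function names, the finding labels and the default of trusting only uid 0 are assumptions made for illustration.

```python
import os
import stat

def audit_log_path(path, trusted_uids=frozenset({0})):
    """Report why a privileged writer should not trust this log path."""
    findings = []
    st = os.lstat(path)  # lstat inspects the entry itself, never a link target
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink")
    elif not stat.S_ISREG(st.st_mode):
        findings.append("not-regular-file")
    elif st.st_nlink > 1:
        findings.append("hardlinked")
    if st.st_uid not in trusted_uids:
        findings.append("file-owner-untrusted")
    # Whoever controls the parent directory can swap the entry at any time.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid not in trusted_uids:
        findings.append("dir-owner-untrusted")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("dir-group-or-world-writable")
    return findings

def open_log_safely(path):
    """Open an existing log for append, refusing links and special files."""
    # O_NOFOLLOW rejects a link in the final component; O_NONBLOCK avoids
    # hanging if the name turns out to be a FIFO.
    flags = os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW | os.O_NONBLOCK
    fd = os.open(path, flags)
    try:
        st = os.fstat(fd)  # check the object actually opened, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError("refusing to write: not a singly linked regular file")
    except OSError:
        os.close(fd)
        raise
    return fd

if __name__ == "__main__":
    import tempfile
    # Constructed sample layout: a log directory holding a real log and a link.
    d = tempfile.mkdtemp()
    log, link = os.path.join(d, "error.log"), os.path.join(d, "link.log")
    open(log, "w").close()
    os.symlink(log, link)
    for p in (log, link):
        print(p, audit_log_path(p))
```

A directory finding matters even when the file itself looks clean, because `O_NOFOLLOW` only protects the final path component.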

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Any ERT 1.6.x versions before ERT 1.6.53
  • Any p-mysql 1.7.x versions before p-mysql 1.7.19

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • p-mysql: 1.7.18
    • PCF Elastic Runtime: 1.6.53

Dawid Golunski
