Monday, November 21, 2016

MySQL / MariaDB: Privilege Escalation / Race Condition / Root Privilege Escalation (CVE-2016-6663 and CVE-2016-6664)

Several new security vulnerabilities that affect some versions of MySQL and MariaDB were announced recently:

We want to let you know that all the published Bitnami Stacks that include MySQL or MariaDB as the database server are not affected, since they are using non-affected versions of the component.

CVE-2016-6663

The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user.

Successful exploitation would allow an attacker to gain access to all of the databases stored on the affected database server.

Affected versions:

MariaDB 
< 5.5.52
< 10.1.18
        < 10.0.28

MySQL  
<= 5.5.51
<= 5.6.32
<= 5.7.14

More information about this issue can be found at the following link: https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html

CVE-2016-6664

MySQL-based databases including MySQL, MariaDB and Percona are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system.
The vulnerability stems from unsafe file handling of error logs and other files.

Affected versions:

MySQL  
<= 5.5.51
<= 5.6.32
<= 5.7.14

MariaDB
All current

More information about this issue can be found at the following link: https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html

Are you using an affected version of the server or do you have questions about the security issue? Please post to our community forum and we will be happy to help you.