FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

Affected packages
mysql57-client < 5.7.15
mysql57-server < 5.7.15
mysql56-client < 5.6.33
mysql56-server < 5.6.33
mysql55-client < 5.5.52
mysql55-server < 5.5.52

Details

VuXML ID dc596a17-7a9e-11e6-b034-f0def167eeea
Discovery 2016-09-12
Entry 2016-11-24
Modified 2016-11-24

LegalHackers' reports:

RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle

[source]

References

URL http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
URL https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.