JSON View XML View

Key Value
MTID M114597
Title Oracle MySQL Unspecified Defect Privilege Escalation
Description A vulnerability in some versions of Oracle MySQL could lead to privilege escalation.
Observation A vulnerability in some versions of Oracle MySQL could lead to privilege escalation.

The flaw is due to an unspecified defect that could allow attackers to create /var/lib/mysql/my.cnf file with arbitrary contents without the FILE privilege
requirement. Successful exploitation could allow a local user to gain elevated privileges.
Recommendation Download the latest version of Oracle MySQL from the following location:

http://dev.mysql.com/downloads/installer/
Vendor Oracle
Attack Vector Authenticated locally logged on user with limited privileges
Importance 5
Impact 10.00084536000
Threat Score 6.56
Labels
Zero-Day
References
CVECVE-2016-6663
MTIDM114597
CPEs
cpe:/a:oracle:mysql:5.7.15
cpe:/a:oracle:mysql:5.6.33
cpe:/a:oracle:mysql:5.5.52
Created At 2016-09-12 00:00:00 UTC
Updated At 2016-12-22 11:44:27 UTC

Back