Oracle MySQL, MariaDB, Percona Server - Privilege Escalation via my.cnf
Exploitation Summary
CVE-2016-6662 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 8 public exploits from researchers including Dawid Golunski, MAYASEVEN, Ashrafdev.
Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Exploits (8)
This exploit leverages CVE-2016-6662 to achieve remote root code execution or privilege escalation in MySQL/MariaDB/Percona by injecting a malicious trigger and shared library into the database directory, which then modifies the MySQL configuration file to load the library.
This repository contains a functional exploit for CVE-2016-6662, which leverages SQL injection to achieve remote root code execution on MySQL servers. The exploit crafts a malicious trigger and shared library to modify the MySQL configuration file, leading to arbitrary code execution upon service restart.
This repository contains a functional exploit for CVE-2016-6662, a MySQL remote root code execution vulnerability. The exploit leverages MySQL's FILE privilege to write a malicious shared library and trigger to a target system, which then executes arbitrary code with root privileges.
This repository contains a functional exploit for CVE-2016-6662, a MySQL/MariaDB remote root code execution vulnerability. The exploit leverages weak file permissions to append malicious configuration entries, enabling arbitrary code execution via a preloaded shared library.
This repository provides an Ansible playbook and a bash script to patch MySQL servers against CVE-2016-6662, a vulnerability that allows attackers to write malicious .so files to the filesystem and modify configurations to load them. The patch modifies mysqld_safe to restrict .so file loading to standard system locations and checks/fixes permissions of MySQL configuration files.
This repository provides a functional lab environment demonstrating CVE-2016-6662, a MySQL Remote Root Code Execution vulnerability. It includes a Dockerized setup with a vulnerable MySQL 5.6 instance and a web application to exploit SQL injection for RCE via the `secure_file_priv` misconfiguration.
This repository contains Ansible playbooks to automate the setup of a vulnerable MySQL environment for CVE-2016-6662, which involves a remote code execution vulnerability in MySQL due to insecure file handling in logging configurations. The playbooks configure both a target (vulnerable MySQL server) and an attacker machine with necessary dependencies.
This repository provides an Ansible playbook to patch the mysqld_safe script against CVE-2016-6662, a vulnerability allowing arbitrary library loading via LD_PRELOAD. It applies the Percona fix to restrict library paths to system directories.
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H