Date: Mon, 14 Nov 2016 14:36:16 -0200
From: Dawid Golunski <>
Subject: MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ]

Vulnerability: MySQL / MariaDB / PerconaDB - Root Privilege Escalation
CVE-2016-6664 / (Oracle)CVE-2016-5617

Discovered by:
Dawid Golunski (@dawid_golunski)

MySQL-based databases including MySQL, MariaDB and PerconaDB are affected
by a privilege escalation vulnerability which can let attackers who have
gained access to the mysql system user (for example through CVE-2016-6663)
further escalate their privileges to the root user, allowing them to
fully compromise the system.
The vulnerability stems from unsafe file handling of error logs and other files.

Affected versions:

<= 5.5.51
<= 5.6.32
<= 5.7.14

All current

Percona Server
< 5.5.51-38.2
< 5.6.32-78-1
< 5.7.14-8

Percona XtraDB Cluster
< 5.6.32-25.17
< 5.7.14-26.17
< 5.5.41-37.0

The latest / up-to-date advisory and a PoC exploit can be found at:

A copy of the advisory/exploit is also attached to this message.

PoC Video (showing the rootshell part towards the end) is at:

An attacker will need to obtain a mysql account first, which could be gained
with the other exploit (CVE-2016-6663) I discovered:

More updates on the feed:

Dawid Golunski
t: @dawid_golunski

View attachment "MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.txt" of type "text/plain" (17665 bytes)
