{"id":"CVE-2016-6662","details":"Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.","modified":"2026-04-11T05:00:37.382611Z","published":"2016-09-20T18:59:00.127Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2016:2343-1","SUSE-SU-2016:2395-1","SUSE-SU-2016:2404-1","SUSE-SU-2016:2780-1","openSUSE-SU-2024:10200-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-01"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2928.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0184.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2058.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2131.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2595.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2059.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2749.html"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"},{"type":"ADVISORY","url":"https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"},{"type":"ADVISORY","url":"http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2060.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2062.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2077.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2927.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3666"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036769"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2061.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2130.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2016/Sep/23"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/12/3"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92912"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"},{"type":"REPORT","url":"https://jira.mariadb.org/browse/MDEV-10465"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/40360/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"5bfe1a3917ee1bddc7f2cde0c88961875148873c"},{"last_affected":"754e7eff2872995e2b6e62f9da7448587a411c7b"},{"introduced":"5a6300dcc45da2d6c2b046560da0580548354b93"},{"fixed":"7d57772f47e0d69b2e2a7bcd62da59e54f8c8343"},{"introduced":"776555af021e917ce0d6235386b43ae59fdd5161"},{"fixed":"16702ec95f301d1a21eb5a6f5531387c9254b952"},{"introduced":"c235de12ae3723b96944337bd89ad9cc87f21d8f"},{"fixed":"a02642b66e06f95b80fa9ee592ba50eb61dc2f17"},{"introduced":"0"},{"last_affected":"ceb92f863a92d4b33a0aec6cccc847e602f8ee7e"}],"database_specific":{"versions":[{"introduced":"5.5.0"},{"last_affected":"5.5.52"},{"introduced":"5.5.20"},{"fixed":"5.5.51"},{"introduced":"10.0.0"},{"fixed":"10.0.27"},{"introduced":"10.1.0"},{"fixed":"10.1.17"},{"introduced":"0"},{"last_affected":"5.0"}]}},{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"1235719370ff0a1e09e43c6eb825128d8caed647"},{"introduced":"0"},{"last_affected":"71f48ab393bce80a59e5a2e498cd1f46f6b43f9a"},{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"introduced":"0"},{"last_affected":"a5893933ee2698c632e14b06195a4c7883d4dcf7"},{"introduced":"0"},{"last_affected":"a5893933ee2698c632e14b06195a4c7883d4dcf7"},{"introduced":"0"},{"last_affected":"ae41ce7c4ecff5e1e336ab768867370b8c94e02d"},{"introduced":"0"},{"last_affected":"a5893933ee2698c632e14b06195a4c7883d4dcf7"}],"database_specific":{"versions":[{"introduced":"5.6.0"},{"last_affected":"5.6.33"},{"introduced":"5.7.0"},{"last_affected":"5.7.15"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"7.3"},{"introduced":"0"},{"last_affected":"7.3"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"0"},{"last_affected":"7.3"}]}},{"type":"GIT","repo":"https://github.com/percona/percona-server","events":[{"introduced":"ba312212c98fb993434cc7420950102ecca7793d"},{"fixed":"b4a63b480bc048f8dbf053e52e3986d9965e47aa"},{"introduced":"0"},{"fixed":"8a8e01617c649c4fd5e8cc7e1bb9b402fc543887"},{"introduced":"0"},{"fixed":"4e95328f22c347ddd471c9acbc1e8ba8846eba01"}],"database_specific":{"versions":[{"introduced":"5.5"},{"fixed":"5.5.51-38.1"},{"introduced":"5.6"},{"fixed":"5.6.32-78.0"},{"introduced":"5.7"},{"fixed":"5.7.14-7"}]}}],"versions":["Percona-Server-5.5.34-32.0","Percona-Server-5.5.35-33.0","Percona-Server-5.6.14-62.0","Percona-Server-5.6.15-63.0","Percona-Server-5.6.22-72.0","Percona-Server-5.6.5-60.0","clone-5.1.0-build","clone-5.1.31-pv-0.2.0-build","clone-5.1.4-build","clone-5.4.0-build","clone-5.6.3-m5-build","clone-5.6.3-m6-build","import-readline-5.0","last-PS-5.5-as-patches","mariadb-10.1.0","mariadb-10.1.10","mariadb-10.1.11","mariadb-10.1.12","mariadb-10.1.13","mariadb-10.1.14","mariadb-10.1.15","mariadb-10.1.16","mariadb-10.1.2","mariadb-10.1.3","mariadb-10.1.4","mariadb-10.1.5","mariadb-10.1.6","mariadb-10.1.7","mariadb-10.1.8","mariadb-10.1.9","mariadb-galera-10.0.10","mariadb-galera-10.0.11","mariadb-galera-10.0.12","mariadb-galera-10.0.13","mariadb-galera-10.0.14","mariadb-galera-10.0.15","mariadb-galera-10.0.16","mariadb-galera-10.0.17","mariadb-galera-10.0.19","mariadb-galera-10.0.20","mariadb-galera-10.0.21","mariadb-galera-10.0.22","mariadb-galera-10.0.23","mariadb-galera-10.0.24","mariadb-galera-10.0.25","mariadb-galera-10.0.26","mariadb-galera-10.0.7","mariadb-galera-10.0.7a","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.5.44","mysql-5.5.47","mysql-5.5.49","mysql-5.5.52","mysql-5.6.33","mysql-5.7.15","mysql-8.0.0","mysql-cluster-7.3","mysql-cluster-7.3.10","mysql-cluster-7.3.11","mysql-cluster-7.3.12","mysql-cluster-7.3.9","mysql-cluster-7.5.0","mysql_4.0","mysqlsummit-0.2.0","mysqlsummit-0.2.0-build","mysqlsummit-0.2.1","mysqlsummit-0.2.1-build","pre-null-merge"],"database_specific":{"vanir_signatures_modified":"2026-04-11T05:00:37Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8"}]},{"events":[{"introduced":"0"},{"last_affected":"9"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["284474919473169016970406210133607862503","56620395527721358171084621192052395955","155751907007791503660291135721680547973","284464292980216230235061452928340542994"]},"target":{"file":"sql/item_sum.cc"},"signature_type":"Line","signature_version":"v1","id":"CVE-2016-6662-16d79c87","deprecated":false,"source":"https://github.com/mariadb/server/commit/a02642b66e06f95b80fa9ee592ba50eb61dc2f17"},{"digest":{"function_hash":"260358408969056573440033318428069010350","length":1113},"target":{"file":"sql/item_sum.cc","function":"Item_sum::register_sum_func"},"signature_type":"Function","signature_version":"v1","id":"CVE-2016-6662-4f786aaf","deprecated":false,"source":"https://github.com/mariadb/server/commit/a02642b66e06f95b80fa9ee592ba50eb61dc2f17"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6662.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}