NVD - CVE-2016-6662
Archived: 2026-04-05 16:07:46 UTC
CVE-2016-6662 Detail
Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x
before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and
5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms
by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with
root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October
2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52,
5.6.33, and 5.7.15.
Metrics
 
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other
sources is also displayed.
CVSS 3.x Severity and Vector Strings:
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Page 1 of 7

NIST: NVD
Base Score:  9.8 CRITICAL
Vector:  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites
because they may have information that would be of interest to you. No inferences should be drawn on account of
other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for
your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these
sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please
address comments about this page to nvd@nist.gov.
URL Source(s) Tag(s)
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.htmlCVE,
MITRE
Third Party
Advisory 
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Page 2 of 7

URL Source(s) Tag(s)
http://rhn.redhat.com/errata/RHSA-2016-2058.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2059.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2060.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2061.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2062.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2077.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2130.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2131.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2595.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2749.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2927.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2016-2928.html
CVE,
MITRE
Third Party
Advisory 
http://rhn.redhat.com/errata/RHSA-2017-0184.html
CVE,
MITRE
Third Party
Advisory 
http://seclists.org/fulldisclosure/2016/Sep/23
CVE,
MITRE
Mailing List  Third
Party Advisory 
http://www.debian.org/security/2016/dsa-3666
CVE,
MITRE
Third Party
Advisory 
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Page 3 of 7

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2016/09/12/3
CVE,
MITRE
Mailing List  Third
Party Advisory 
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-
2881722.html
CVE,
MITRE
Patch  Vendor
Advisory 
http://www.securityfocus.com/bid/92912
CVE,
MITRE
Third Party
Advisory  VDB
Entry 
http://www.securitytracker.com/id/1036769
CVE,
MITRE
Third Party
Advisory  VDB
Entry 
https://jira.mariadb.org/browse/MDEV-10465
CVE,
MITRE
Issue Tracking 
Vendor Advisory 
https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/
CVE,
MITRE
Release Notes 
Vendor Advisory 
https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/
CVE,
MITRE
Release Notes 
Vendor Advisory 
https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/
CVE,
MITRE
Release Notes 
Vendor Advisory 
https://security.gentoo.org/glsa/201701-01
CVE,
MITRE
Third Party
Advisory 
https://www.exploit-db.com/exploits/40360/
CVE,
MITRE
Exploit  Third Party
Advisory  VDB
Entry 
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/CVE,
MITRE
Third Party
Advisory 
Weakness Enumeration
CWE-ID CWE Name Source
CWE-264 Permissions, Privileges, and Access Controls
NIST  
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Page 4 of 7

Known Affected Software Configurations Switch to CPE 2.2
Configuration 1 ( hide )
 cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.5.0
Up to (including)
5.5.52
 cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.6.0
Up to (including)
5.6.33
 cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.7.0
Up to (including)
5.7.15
Configuration 2 ( hide )
 cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.5
Up to (excluding)
5.5.51-38.1
 cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.6
Up to (excluding)
5.6.32-78.0
 cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.7
Up to (excluding)
5.7.14-7
Configuration 3 ( hide )
 cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.5.20
Up to (excluding)
5.5.51
 cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
10.0.0
Up to (excluding)
10.0.27
 cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
10.1.0
Up to (excluding)
10.1.17
Configuration 4 ( hide )
 cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
Configuration 5 ( hide )
 cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Page 5 of 7

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
   Show Matching CPE(s)
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Page 6 of 7

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
   Show Matching CPE(s)
Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.
Change History
18 change records found show changes
Quick Info
CVE Dictionary Entry:
CVE-2016-6662
NVD Published Date:
09/20/2016
NVD Last Modified:
04/12/2025
Source:
MITRE
Source: https://nvd.nist.gov/vuln/detail/CVE-2016-6662
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Page 7 of 7