Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MySQL Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2016-6664 - Vulnerability Database
MySQL

MySQL Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2016-6664

High
Reference: CVE-2016-6664
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-6664
Title: MySQL Improper Link Resolution Before File Access (Link Following) Vulnerability
Overview:

mysqld_safe in Oracle MySQL through 5.5.51 5.6.x through 5.6.32 and 5.7.x through 5.7.14 MariaDB Percona Server before 5.5.51-38.2 5.6.x before 5.6.32-78-1 and 5.7.x before 5.7.14-8 and Percona XtraDB Cluster before 5.5.41-37.0 5.6.x before 5.6.32-25.17 and 5.7.x before 5.7.14-26.17 when using file-based logging allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.