Intrusion Prevention

MySQL.Commad.Repair.RC.Privilege.Escalation

Description

This indicates an attack attempt to exploit a Privilege Escalation vulnerability in MySql, MariaDB, Percona Server and Percona XtraDB Cluster.
This vulnerability is due to a race condition which happens during execution of REPAIR command. An attacker may be able to exploit this to escalate his/her privilege.

Affected Products

MariaDB prior to 5.5.52
MariaDB prior to 10.1.18
MariaDB prior to 10.0.28
MySQL 5.5.51 and prior
MySQL 5.6.32 and prior
MySQL 5.7.14 and prior
Percona Server prior to 5.5.51-38.2
Percona Server prior to 5.6.32-78-1
Percona Server prior tp 5.7.14-8
Percona XtraDB Cluster prior to 5.6.32-25.17
Percona XtraDB Cluster prior to 5.7.14-26.17
Percona XtraDB Cluster prior to 5.5.41-37.0

Impact

Privilege Escalation: Remote attackers can leverage their privilege on the vulnerable systems

Recommended Actions

Apply the most recent upgrade or patch from the vendors
https://www.mysql.com/downloads/
https://mariadb.org/download/
https://www.percona.com/downloads/

CVE References

CVE-2016-5616 CVE-2016-6663