Link Following Affecting mariadb-embedded-devel package, versions <1:5.5.56-2.el7


Severity

Recommended
medium

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

Exploit Maturity
Mature
EPSS
11.76% (96th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL7-MARIADBEMBEDDEDDEVEL-4712378
  • published26 Jul 2021
  • disclosed19 Oct 2016

Introduced: 19 Oct 2016

CVE-2016-6664  (opens in a new tab)
CWE-59  (opens in a new tab)

How to fix?

Upgrade RHEL:7 mariadb-embedded-devel to version 1:5.5.56-2.el7 or higher.
This issue was patched in RHSA-2017:2192.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb-embedded-devel package and not the mariadb-embedded-devel package as distributed by RHEL. See How to fix? for RHEL:7 relevant fixed versions and status.

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

CVSS Scores

version 3.1