Description Thomas Deutschmann (RETIRED) 2016-11-09 19:46:55 UTC

See bug 599332 for details. However, from $URL:

These vulnerabilities are follow-ups on CVE-2016-6662, which we addressed in a blog post in September, which was about Remote Root Code Execution.

CVE-2016-6663 makes use of a race condition when performing REPAIR TABLE on a MyISAM table. There were unsafe system calls performed by the REPAIR TABLE statement where it could be possible to intervene with commands resulting in permission changes on directories and files. This could then be used to obtain a shell with the rights of the user running MariaDB Server.

CVE-2016-6663 is fixed as of the following versions of MariaDB Server:
•MariaDB Server 10.1.18, released on September 30
•MariaDB Server 10.0.28, released on October 28
•MariaDB Server 5.5.52, released on September 13

Please upgrade to these versions (or newer) to be protected against CVE-2016-6663. The latest versions can be downloaded here.

Using a shell obtained through CVE-2016-6663, one can further exploit CVE-2016-6664 to gain root user access.

It’s important to note that CVE-2016-6664 is NOT exploitable by itself. Shell access must first be obtained through a vulnerability like CVE-2016-6663. Because CVE-2016-6663 has been fixed and is no longer exploitable, we’ve determined that CVE-2016-6664 is not critical on it’s own and doesn’t warrant an immediate fix to be released. A fix will be included in the next upcoming maintenance releases of MariaDB Server 5.5, 10.0 and 10.1.
- See more at: https://mariadb.com/resources/blog/update-security-vulnerabilities-cve-2016-6663-and-cve-2016-6664-related-mariadb#sthash.Q1KTK3ol.dpuf