CVE-2016-6664 – Oracle / MySQL – Race condition

Summary:

CVE-2016-6664 is a race condition vulnerability impacting multiple versions of Oracle MySQL. An exploit was observed in open source and subsequently shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.

PoC Links (if available):

Exploit DB link –
https://www.exploit-db.com/exploits/40679

Known Counter Measures:

Oracle addressed the vulnerability in a Critical Patch Update advisory that provides updated versions.

Links to patches (if available):

https://www.oracle.com/security-alerts/cpuoct2016.html