mysql-5.5 CVE-2016-6662
Hello,
I had a look at CVE-2016-6662. Looks pretty simple to understand. Looks
like the ability for mysqld to create arbitrary log files - that may
overwrite/create config files with write permissions for the mysql user
- is a key factor.
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Anyone been able to find the upstream changes that address this?
While it might be possible to find a resolution anyway, it is probably
worth looking at the upstream solution first.
Out of time now, will continue looking later.
Regards
--
Brian May <bam@debian.org>
Reply to: