[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mysql-5.5 CVE-2016-6662

On 2016-09-12 18:34:34, Brian May wrote:
> Hello,
> I had a look at CVE-2016-6662. Looks pretty simple to understand. Looks
> like the ability for mysqld to create arbitrary log files - that may
> overwrite/create config files with write permissions for the mysql user
> - is a key factor.
> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
> Anyone been able to find the upstream changes that address this?

I summarily looked in both percona and mariadb's git history, without

I added a note to the security tracker explaining that there's an
upstream MySQL release that fixes this. They have specific bug numbers
in their release notes that may be useful to track specific changesets

What I read about the vulnerability is that it's not as bad as it
seems. It requires pretty high privilege (SUPER and FILE) to exploit,
but it does provide a significant escalation mechanism (mysql to root).
So it shouldn't be neglected, particularly in the light of the supposed
*other* escalation (CVE_2016-6663) that may be published later.

The reasonable man adapts himself to the world.
The unreasonable man persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
                        - George Bernard Shaw

Reply to: