Re: Questions regarding MySQL update



On Wed, Sep 14, 2016 at 09:07:32AM -0400, Roberto C. Sánchez wrote:
> 
> That is not to say that they couldn't have addressed the vulnerabilities
> without contacting David to tell him that they had done so.  That said,
> the exploit is explained in a very detailed and methodical way in the
> advisory.  Later on today I will work on replicating the exploit using
> the latest 5.5.52 packages from Ubuntu to confirm that this version in
> fact does fix the vulnerability.
> 

By the time I got to this I saw that the security team had uploaded
5.5.52 to jessie, so I used that as a testbed.  The 5.5.52 update does
in fact prevent the exploit from taking place.  Specifically, the error
message indicates that MySQL now rejects writing the query output to a
file that ends in .cnf or .ini.  I was able to change the file name and
MySQL would still write it, but an arbitrarily named file clearly
doesn't accomplish the objective of the exploit.

That said, the references in the advisory to the imminent CVE-2016-6663
make me think that there is likely more to this.

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
