oss-sec mailing list archives

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )


From: HW42 <hw42 () ipsumj de>
Date: Tue, 13 Sep 2016 01:53:00 +0000

From the advisory:
> on MySQL versions in branches 5.5 and 5.6.
> The datadir location for my.cnf has only been removed from MySQL starting
> from 5.7 branch however in many configurations it will still load config
> from:
>
> /var/lib/mysql/.my.cnf

This is only the case if HOME is set to /var/lib/mysql, right? So for
example not in the Debian config?

> IX. VENDOR RESPONSE / SOLUTION
> -------------------------
> [...]
> No official patches or mitigations are available at this time from the vendor.
> As temporary mitigations, users should ensure that no mysql config files are
> owned by mysql user, and create root-owned dummy my.cnf files that are not in
> use.

Would it not be a better mitigation to not read the conf files from the
data directory at all? Something like the attached patch.

Attachment: mysql.patch
Description:

Attachment: signature.asc
Description: OpenPGP digital signature
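
A check for the temporary mitigation quoted in the message above, as an added example that is not part of the original message or the attached patch. It assumes the data directory is /var/lib/mysql, the service account is named mysql, and that HOME matches the account's passwd entry; the function names and finding labels are hypothetical.

```python
import os
import pwd
import stat

def candidate_paths(datadir, home):
    """Paths discussed in the thread: my.cnf in the datadir, .my.cnf in HOME."""
    return [os.path.join(datadir, "my.cnf"), os.path.join(home, ".my.cnf")]

def audit(path, service_uid, trusted_uid=0):
    """Return findings for one config path; an empty list means it passes."""
    try:
        st = os.lstat(path)  # lstat: inspect a symlink itself, not its target
    except FileNotFoundError:
        return ["missing"]  # no placeholder file occupies this path
    findings = []
    is_link = stat.S_ISLNK(st.st_mode)
    if is_link:
        findings.append("symlink")
    if st.st_uid == service_uid:
        findings.append("service-owned")  # the case the advisory warns about
    elif st.st_uid != trusted_uid:
        findings.append("untrusted-owner")
    if not is_link and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("loose-mode")  # writable by group or others
    return findings

def report(datadir="/var/lib/mysql", user="mysql"):
    """Audit both paths for the service account (default names are assumptions)."""
    try:
        account = pwd.getpwnam(user)
    except KeyError:
        return {}  # no such account on this host
    paths = candidate_paths(datadir, account.pw_dir)
    return {p: audit(p, account.pw_uid) for p in paths}

if __name__ == "__main__":
    for path, findings in report().items():
        print(path, "OK" if not findings else ", ".join(findings))
```

The second path follows the account's home directory, so the output also shows whether `.my.cnf` resolves into the data directory on a given system.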

