oss-sec mailing list archives
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )
From: HW42 <hw42 () ipsumj de>
Date: Tue, 13 Sep 2016 01:53:00 +0000
From the advisory:
on MySQL versions in branches 5.5 and 5.6. The datadir location for my.cnf has only been removed from MySQL starting from 5.7 branch however in many configurations it will still load config from: /var/lib/mysql/.my.cnf
This is only the case if HOME is set to /var/lib/mysql, right? So for example not in the Debian config?
IX. VENDOR RESPONSE / SOLUTION
-------------------------
[...]
No official patches or mitigations are available at this time from the vendor. As temporary mitigations, users should ensure that no mysql config files are owned by mysql user, and create root-owned dummy my.cnf files that are not in use.
Would it not be a better mitigation to not read the conf files from the data directory at all? Something like the attached patch.
Attachment: mysql.patch
Attachment: signature.asc
Description: OpenPGP digital signature
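The advisory's temporary mitigation quoted in the message above, written as a check an administrator can run. This is an added example, not part of the advisory, the post or the attached patch. The function name `audit_mycnf` and its arguments are assumptions; the two file names are the datadir config locations mentioned in the message.

```shell
#!/bin/sh
# Added example: audit the datadir config files named in the thread.
# Usage: audit_mycnf DATADIR [OWNER]
#   DATADIR  MySQL data directory, e.g. /var/lib/mysql
#   OWNER    user name or numeric uid that must own the files
#            (assumption: defaults to root, as in the advisory's mitigation)
# Prints one line per file; returns 1 if any file fails the check.
audit_mycnf() {
    datadir=$1
    owner=${2:-root}
    rc=0
    for name in my.cnf .my.cnf; do
        f="$datadir/$name"
        if [ -L "$f" ]; then
            # A symlink could point at a file the server account controls.
            echo "FAIL $f is a symlink"; rc=1
        elif [ ! -e "$f" ]; then
            # No dummy file is in place at this location.
            echo "FAIL $f is missing"; rc=1
        elif [ ! -f "$f" ]; then
            echo "FAIL $f is not a regular file"; rc=1
        elif [ -z "$(find "$f" -maxdepth 0 -user "$owner")" ]; then
            echo "FAIL $f is not owned by $owner"; rc=1
        elif [ -n "$(find "$f" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL $f is group- or world-writable"; rc=1
        else
            echo "OK   $f"
        fi
    done
    return $rc
}
```

Run it as `audit_mycnf /var/lib/mysql` on the database host; a non-zero exit status means at least one of the two locations does not hold a dummy file owned by the expected user.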