maria-discuss team mailing list archive

Thread
Date

Re: Critical Update for CVE-2016-6662

To: <maria-discuss@xxxxxxxxxxxxxxxxxxx>
From: "Reinis Rozitis" <r@xxxxxxx>
Date: Mon, 12 Sep 2016 23:53:44 +0300
Importance: Normal
In-reply-to: <f319a032-ecf9-8bcc-46a7-c4619382d69a@thelounge.net>

hwo should that be possible from a daemon runnign with a restricted user?

Some distros run mysqld_safe under root which also reads the *.cnf files(cowered in advisory).



About the CVE-2016-6663 from author:

"The CVE-2016-6663 is not public yet. I refer to it in the advisory to givesome heads up in case someone wanted to discard this issue based onreasoning that FILE privs are not common and that they will never be pwnedetc. It'll soon be published then it'll be clear what this CVEID is about;)"

rr

Follow ups

Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12

References

Critical Update for CVE-2016-6662
From: Alex, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Sergei Golubchik, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Alex, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12