maria-discuss team mailing list archive

Thread
Date

Re: Critical Update for CVE-2016-6662

To: <maria-discuss@xxxxxxxxxxxxxxxxxxx>
From: "Reinis Rozitis" <r@xxxxxxx>
Date: Tue, 13 Sep 2016 00:58:09 +0300
Importance: Normal
In-reply-to: <6f8c6864-6e66-e789-3b35-6535391fcbe9@thelounge.net>

a service itself *must not* have the permissions to write it's configfiles

The safeguard script also reads configuration files from MySQLs datadirectory which is writable by the service.Though the author also cowers cases of bad configuration and possiblevictims.

"Root-Code-Execution" is clickbait

Since when a CVE is a clickbait ..

rr

Follow ups

Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12

References

Critical Update for CVE-2016-6662
From: Alex, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Sergei Golubchik, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Alex, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reinis Rozitis, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reinis Rozitis, 2016-09-12
Re: Critical Update for CVE-2016-6662
From: Reindl Harald, 2016-09-12