| Summary: | [TRACKER] MySQL's general_log_file can be abused (CVE-2016-6662) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | diddledan, mysql-bugs |
| Priority: | Normal | Keywords: | Tracker |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | | |
| Whiteboard: | B1 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 593608, 593610, 593614, 593618 | | |
| Bug Blocks: | | | |

Description
Hanno Böck
2016-09-12 13:49:52 UTC
As a note on severity in Gentoo, we install but do not use the mysqld_safe script by default. Instead we call mysqld directly which does not keep root privileges. A user could call this, but our supplied init scripts do not.

Also this is fixed in MariaDB 5.5.51, 10.0.27, 10.1.17

(In reply to Brian Evans from comment #1)
> As a note on severity in Gentoo, we install but do not use the mysqld_safe
> script by default.

I have to adjust that, the systemd service does call it. I have a new version of dev-db/mysql-init-scripts ready which does not.

For dev-db/percona-server:

$URL mentions:

> The vulnerabilities were patched by PerconaDB and MariaDB vendors by
> the end of 30th of August.

But no commit could have been identified that such a fix was really released. Today an upstream bug report (https://bugs.launchpad.net/percona-server/+bug/1622603) was created to ask for clarification.

Transforming this bug report into a tracker bug...

CVE-2016-6652 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6652): SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.

(In reply to GLSAMaker/CVETool Bot from comment #5)
> CVE-2016-6652 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6652):
> SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6
> (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a
> repository that defines a String query using the @Query annotation, allows
> attackers to execute arbitrary JPQL commands via a sort instance with a
> function call.

My bad.

This issue was resolved and addressed in GLSA 201701-01 at https://security.gentoo.org/glsa/201701-01 by GLSA coordinator Thomas Deutschmann (whissi).
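
The two checks discussed in the comments above (whether a systemd unit starts the server through mysqld_safe, and whether a MariaDB version is at or past the fixed releases named in the thread) can be scripted as follows. This is an added example, not code from the bug report or from Gentoo; the function names and the sample unit files are constructed for illustration.

```python
import re

# Fixed MariaDB releases per branch, as stated in the thread above.
FIXED_MARIADB = {(5, 5): 51, (10, 0): 27, (10, 1): 17}


def mariadb_is_fixed(version):
    """True/False for the branches named in the thread, None for any other."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED_MARIADB.get((major, minor))
    if fixed_patch is None:
        return None  # branch not mentioned on the page: no verdict
    return patch >= fixed_patch


def unit_calls_mysqld_safe(unit_text):
    """True if the command of any Exec* line in a unit file is mysqld_safe."""
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue  # unit-file comment
        # Skip systemd's optional command prefixes (-, @, :, +, !).
        m = re.match(r"Exec\w+\s*=\s*[-@:+!]*(\S+)", line)
        if m and m.group(1).rsplit("/", 1)[-1] == "mysqld_safe":
            return True
    return False


# Constructed sample units (not the real Gentoo files).
UNIT_WRAPPER = """\
[Service]
ExecStart=/usr/bin/mysqld_safe --defaults-file=/etc/mysql/my.cnf
"""
UNIT_DIRECT = """\
[Service]
User=mysql
ExecStart=/usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf
"""

if __name__ == "__main__":
    for v in ("5.5.50", "10.0.27-MariaDB", "10.1.16", "10.2.1"):
        print(v, mariadb_is_fixed(v))
    print(unit_calls_mysqld_safe(UNIT_WRAPPER), unit_calls_mysqld_safe(UNIT_DIRECT))
```

A version string alone does not account for distribution backports, so treat a `False` result as a prompt to check the package changelog rather than as proof of exposure.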