Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 624816 (CVE-2017-3265)

Summary: <dev-db/mysql-{5.5.56,5.6.35}: unsafe chmod/chown use in init script (CVE-2017-3265)
Product: Gentoo Security Reporter: Volkan <vBugZilla>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: mysql-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 []
Package list:
Runtime testing required: ---

Description Volkan 2017-07-12 23:24:39 UTC
Multiple cases of insecure use of chmod and chown were found in the MySQL init script:

- In database directory initialization code:

- In code handling error log file creation and permission setting:

The mysql OS user could use these flaws to escalate privileges to root.

Note that the second issue is only exploitable in configurations where log file is stored in a directory writable to the mysql OS user.  If log file is stored in the /var/log directory, mysql user is not able to replace it with a link to some other file.

This issue was fixed in MySQL versions 5.5.54, 5.6.35, and 5.7.17.  The following related entry can be found in the release notes:

  Initialization scripts create the error log file only if the base
  directory is /var/log or /var/lib.

MySQL upstream commit:
Comment 1 Brian Evans Gentoo Infrastructure gentoo-dev 2017-07-12 23:36:06 UTC
Does not affect Gentoo.  We do not use that script.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-12 23:40:09 UTC
Doesn't affect Gentoo, we use dev-db/mysql-init-scripts.