Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 624816 (CVE-2017-3265) - <dev-db/mysql-{5.5.56,5.6.35}: unsafe chmod/chown use in init script (CVE-2017-3265)
Summary: <dev-db/mysql-{5.5.56,5.6.35}: unsafe chmod/chown use in init script (CVE-201...
Alias: CVE-2017-3265
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B1 []
Depends on:
Reported: 2017-07-12 23:24 UTC by Volkan
Modified: 2017-07-13 13:00 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Volkan 2017-07-12 23:24:39 UTC
Multiple cases of insecure use of chmod and chown were found in the MySQL init script:

- In database directory initialization code:

- In code handling error log file creation and permission setting:

The mysql OS user could use these flaws to escalate privileges to root.

Note that the second issue is only exploitable in configurations where log file is stored in a directory writable to the mysql OS user.  If log file is stored in the /var/log directory, mysql user is not able to replace it with a link to some other file.

This issue was fixed in MySQL versions 5.5.54, 5.6.35, and 5.7.17.  The following related entry can be found in the release notes:

  Initialization scripts create the error log file only if the base
  directory is /var/log or /var/lib.

MySQL upstream commit:
Comment 1 Brian Evans Gentoo Infrastructure gentoo-dev 2017-07-12 23:36:06 UTC
Does not affect Gentoo.  We do not use that script.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-12 23:40:09 UTC
Doesn't affect Gentoo, we use dev-db/mysql-init-scripts.