Arch Linux Security Advisory ASA-201609-10 ========================================== Severity: Critical Date : 2016-09-14 CVE-ID : CVE-2016-6662 CVE-2016-6663 Package : mariadb Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package mariadb before version 10.1.17-1 is vulnerable to multiple issues including arbitrary code execution and access restriction bypass. Resolution ========== Upgrade to 10.1.17-1. # pacman -Syu "mariadb>=10.1.17-1" The problems have been fixed upstream in version 10.1.17. Workaround ========== None. Description =========== - CVE-2016-6662 (arbitrary code execution) Researcher Dawid Golunski discovered several security issues in the mariadb DBMS, including a vulnerability flaw that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration files. The flaw can be triggered to fully compromise the DBMS by executing arbitrary code with root privileges if mysqld_safe is executed. - CVE-2016-6663 (access restriction bypass) In the past mariadb used to read the main configuration file from three different locations. One of them (the datadir) is unsafe because it's writeable by the sql-server. This way a remote attacker who could gain access to the sql-server could deploy a maliciously crafted configuration file. Impact ====== A remote attacker is able to inject malicious configuration into existing configuration files, create new configuration files, gain access to logging functions and execute arbitrary code with root privileges if mysqld_safe is executed. References ========== https://access.redhat.com/security/cve/CVE-2016-6662 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6663 https://jira.mariadb.org/browse/MDEV-10465 http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-...