[arch-security] [ASA-201609-10] mariadb: multiple issues
Christian Rebischke
Chris.Rebischke at archlinux.org
Wed Sep 14 20:57:27 UTC 2016
Arch Linux Security Advisory ASA-201609-10
==========================================
Severity: Critical
Date : 2016-09-14
CVE-ID : CVE-2016-6662 CVE-2016-6663
Package : mariadb
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package mariadb before version 10.1.17-1 is vulnerable to multiple
issues including arbitrary code execution and access restriction bypass.
Resolution
==========
Upgrade to 10.1.17-1.
# pacman -Syu "mariadb>=10.1.17-1"
The problems have been fixed upstream in version 10.1.17.
Workaround
==========
None.
Description
===========
- CVE-2016-6662 (arbitrary code execution)
Researcher Dawid Golunski discovered several security issues in the
mariadb DBMS, including a vulnerability flaw that can be exploited by a
remote attacker to inject malicious settings into my.cnf configuration
files. The flaw can be triggered to fully compromise the DBMS by
executing arbitrary code with root privileges if mysqld_safe is
executed.
- CVE-2016-6663 (access restriction bypass)
In the past mariadb used to read the main configuration file from three
different locations. One of them (the datadir) is unsafe because it's
writeable by the sql-server. This way a remote attacker who could gain
access to the sql-server could deploy a maliciously crafted
configuration file.
Impact
======
A remote attacker is able to inject malicious configuration into
existing configuration files, create new configuration files, gain
access to logging functions and execute arbitrary code with root
privileges if mysqld_safe is executed.
References
==========
https://access.redhat.com/security/cve/CVE-2016-6662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6663
https://jira.mariadb.org/browse/MDEV-10465
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160914/8824003a/attachment.asc>
More information about the arch-security
mailing list