Critical MySQL Bugs Discovered

Two critical vulnerabilities, which researchers say can lead to arbitrary code execution, root privilege escalation, and server compromise, have been discovered in MySQL (CVE-2016-6664) and its forks such as Percona Server, Percona XtraDB Cluster, and MariaDB. Dawid Golunski says you should install the latest updates as soon as possible or, where the patches cannot be applied, disable symbolic link support within the database server configuration by setting
symbolic-links=0

in my.cnf.

On most default installations of MySQL/PerconaDB/MariaDB databases, the error.log file is stored in either the /var/log/mysql or the /var/lib/mysql directory.

The permissions on the file and directory look as follows:

root@trusty:/var/lib/mysql# ls -la /var/log/mysql
 total 468
 drwxr-s--- 2 mysql adm 4096 Sep 11 06:25 .
 drwxrwxr-x 36 root syslog 4096 Sep 11 06:25 ..
 -rw-r----- 1 mysql adm 0 Sep 11 06:25 error.log

root@trusty:/var/lib/mysql# ls -lad /var/log/mysql
 drwxr-s--- 2 mysql adm 4096 Sep 11 06:25 /var/log/mysql

The mysqld_safe wrapper, which is normally used for starting the MySQL daemon and creating/reopening the error.log, performs certain unsafe file operations that may allow attackers to gain root privileges.

The wrapper script contains a 'while' loop which monitors the mysqld process and restarts it if the process fails. The restart involves re-creation of the error.log file if syslog logging has not been configured instead of error log files (file-based logging is the default setting on most installations).
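
A defender-side check for the two items discussed above, as an added example that is not part of the original post or the advisory: it reports whether symbolic link support is disabled in the [mysqld] section of a my.cnf-style file and what kind of object sits at the error log path. The function names and the sample configuration are constructed for illustration, and treating off/false and the skip- form as equivalent to symbolic-links=0 is an assumption about the server's option parsing.

```shell
#!/bin/sh
# Added example: audit the symbolic-links mitigation and the error.log state.

# Print "disabled", "enabled" or "unset" for symbolic link support, reading
# only the [mysqld] section of a my.cnf-style file. The last setting wins.
symlink_setting() {
    awk '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !insec { next }
        {
            line = $0
            sub(/[#;].*/, "", line)        # strip comments
            gsub(/[ \t\r]/, "", line)      # strip whitespace
            if (line == "") next
            n = split(line, kv, "=")
            key = tolower(kv[1]); gsub(/_/, "-", key)
            val = (n > 1) ? tolower(kv[2]) : ""
            if (key == "skip-symbolic-links") state = "disabled"
            else if (key == "symbolic-links")   # assumption: 0/off/false mean off
                state = (val == "0" || val == "off" || val == "false") ? "disabled" : "enabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Print what kind of object sits at the error log path. mysqld_safe
# re-creates this file on restart, so it should only ever be a regular file.
error_log_state() {
    if [ -L "$1" ]; then echo "symlink"
    elif [ ! -e "$1" ]; then echo "missing"
    elif [ -f "$1" ]; then echo "regular"
    else echo "other"
    fi
}

# Constructed sample input so the example runs offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '[mysqld]\n# symbolic-links=1\nsymbolic_links = 0  # mitigation\n' > "$d/my.cnf"
    : > "$d/error.log"
    echo "symbolic links: $(symlink_setting "$d/my.cnf")"
    echo "error.log:      $(error_log_state "$d/error.log")"
    rm -rf "$d"
}
demo
```

On a real host, point symlink_setting at the active my.cnf and error_log_state at the configured error log; any result other than "disabled" and "regular" is worth a closer look on an unpatched server.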

The systems affected include:
MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.14

MariaDB
All current

Percona Server
< 5.5.51-38.2
< 5.6.32-78-1
< 5.7.14-8

Percona XtraDB Cluster
< 5.6.32-25.17
< 5.7.14-26.17
< 5.5.41-37.0

You can read more here.
