Bug 1386562
Summary: | CVE-2016-5616 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU October 2016) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aortega, apevec, ayoung, byte, chrisw, cvsbot-xmlrpc, databases-maint, dciabrin, fdinitto, hhorak, jdornak, jjoyce, jorton, jschluet, jstanek, kbasil, lhh, lpeer, markmc, mbayer, mburns, mmuzila, mschorm, praiskup, rbryant, sclewis, slinaber, srevivo, tdecacqu |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | mysql 5.5.52, mysql 5.6.33, mysql 5.7.15 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-11-03 21:49:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1386607, 1386608, 1386609 | ||
Bug Blocks: | 1386598 | | |
Description
Adam Mariš
2016-10-19 09:02:24 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1386608]

Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1386607]

Created mariadb-galera tracking bugs for this issue:

Affects: fedora-all [bug 1386609]

The only change in the MyISAM sub-component of MySQL in the listed versions is:

https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291

To exploit this flaw, an attacker needs to have local shell access on the server running MySQL server, and have write access to the data directory used to store database files. The data directory is normally only writeable to the mysql system user, who has full control over database files anyway. However, the MyISAM engine allows users creating database tables to specify the location where data files are stored using the DATA DIRECTORY and INDEX DIRECTORY clauses for CREATE TABLE. That way, database files can be stored in any directory writeable to a local user.

The DATA DIRECTORY and INDEX DIRECTORY clauses are only applied when mysqld is running with symlink support enabled. Symlink support is controlled via the symbolic-links configuration directive and the --symbolic-links / --skip-symbolic-links command line options.

The default configuration of all MySQL and MariaDB packages on Red Hat Enterprise Linux 6 and later is to disable symlink support - the symbolic-links=0 setting is used in the default my.cnf. With this setting, only the mysql system user should be able to exploit this flaw.

The mysql packages on Red Hat Enterprise Linux 5 have symlink support enabled by default; however, Red Hat has been recommending disabling symlink support since 2010:

https://rhn.redhat.com/errata/RHSA-2010-0109.html

MariaDB re-implemented this fix in a different way:

https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805

This issue has been addressed in the following products:

- Red Hat Software Collections for Red Hat Enterprise Linux 6
- Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
- Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
- Red Hat Software Collections for Red Hat Enterprise Linux 7
- Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
- Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS

Via RHSA-2016:2130 https://rhn.redhat.com/errata/RHSA-2016-2130.html

This issue has been addressed in the following products:

- Red Hat Software Collections for Red Hat Enterprise Linux 6
- Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
- Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
- Red Hat Software Collections for Red Hat Enterprise Linux 7
- Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
- Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS

Via RHSA-2016:2131 https://rhn.redhat.com/errata/RHSA-2016-2131.html

This issue has been addressed in the following products:

- Red Hat Enterprise Linux 7

Via RHSA-2016:2595 https://rhn.redhat.com/errata/RHSA-2016-2595.html

This was confirmed to be a duplicate of CVE-2016-6663, see:

http://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.txt

*** This bug has been marked as a duplicate of bug 1378936 ***
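An added example, not part of the bug report or of MySQL: a Python check that reads one option file and reports whether it turns off the symlink support that the DATA DIRECTORY / INDEX DIRECTORY clauses depend on, as discussed in the comments above. The function name, the sample option file and the choice to read only the `[mysqld]` group are assumptions of this example.

```python
import re

# Constructed sample option file (not taken from the bug report).
SAMPLE_MY_CNF = """\
[client]
symbolic-links=1

[mysqld]
datadir=/var/lib/mysql
symbolic-links=0   # symlink support off
"""

ON = {"1", "on", "true"}
OFF = {"0", "off", "false"}


def symlink_support(text, groups=("mysqld",)):
    """Return 'disabled', 'enabled', 'unknown' or 'unset' for one option file.

    Only the groups named in `groups` are read; the last matching line wins.
    !include / !includedir directives are not followed, so run this on every
    file the server reads. 'unset' means this file does not decide the setting.
    """
    state, section = "unset", None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section not in groups:
            continue
        name, has_value, value = line.partition("=")
        name = name.strip().lower().replace("_", "-")   # '_' and '-' are equivalent
        value = value.strip().strip("'\"").lower()
        if name == "skip-symbolic-links":
            state = "disabled"
        elif name == "symbolic-links":
            if not has_value or value in ON:
                state = "enabled"        # a bare boolean option turns it on
            elif value in OFF:
                state = "disabled"
            else:
                state = "unknown"        # unrecognised value: review by hand
    return state


if __name__ == "__main__":
    print(symlink_support(SAMPLE_MY_CNF))
```

A result other than `disabled` means the file needs a manual look, because the server default and any command line options are outside what this check sees.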