MySQL: A remote authenticated user can gain elevated privileges.

Posted on Posted in MySQL server

Description: A vulnerability was reported in MySQL. A remote authenticated user can gain elevated privileges.

A remote authenticated user with SELECT/FILE permissions can exploit a flaw in the MySQL general query logging function to modify or create a 'my.cnf' file and cause arbitrary code to be executed with elevated privileges on the target system when the MySQL service is subsequently restarted.

The original advisory and demonstration exploit code is available at legalhackers.com

The issue was fixed in MySQL 5.7.15, 5.6.33 and 5.5.52, also in MariaDB 10.0.27 and Percona Server 5.7.14-7.

Fix: The installation candidates are not available in the CentOS/RHEL and Ubuntu/Debian software repositories yet but MySQL 5.7.15 and 2.6.33 are available at downloads.mysql.com.
MariaDB v.10.0.27 and later versions can be downloaded from downloads.mariadb.org.
Percona Server 5.7.14-7 can be downloaded at www.percona.com/downloads

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *