[BlueOnyx:20091] Re: MySQL zero day exploit
Michael Stauber
mstauber at blueonyx.it
Mon Sep 12 16:18:13 -05 2016
Hi Ernie,
> There is a serious newly discovered zero day exploit in MySQL.
>
> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Many thanks for the heads up. Our my.cnf on BlueOnyx is root owned and
doesn't allow write access:
~]# ls -la /etc/my.cnf
-rw-r--r-- 1 root root 443 29. Mai 2012 /etc/my.cnf
But as your link explains: Despite that there are still attack vectors
left to use this exploit. Let's see how fast fixed MySQL/MariaDB RPMs
become available from upstream.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list