Описание
A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | mysql55-mysql | Will not fix | ||
| Red Hat Enterprise Linux 6 | mysql | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | mariadb-galera | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | mariadb-galera | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | mariadb-galera | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | mariadb-galera | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | mariadb-galera | Will not fix | ||
| Red Hat OpenStack Platform 12 (Pike) | mariadb-galera | Will not fix | ||
| Red Hat OpenStack Platform 8 (Liberty) | mariadb-galera | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) | mariadb-galera | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1386564mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)
7.8 High
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
nvd
больше 8 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
oracle-oval
почти 8 лет назад
ELSA-2017-2192: mariadb security and bug fix update (MODERATE)
7.8 High
CVSS3
6.8 Medium
CVSS2