====================================================================
                          CERT-Renater

               Information Note No. 2016/VULN314
_____________________________________________________________________

DATE                : 13/09/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running MariaDB Server versions prior to
                     5.5.51, 10.0.27, 10.1.17.

=====================================================================
https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/
____________________________________________________________________

MariaDB Server versions and the Remote Root Code Execution Vulnerability CVE-2016-6662

2016-09-13
Written by rasmus

In recent days there have been quite a lot of questions and discussion around a vulnerability referred to as MySQL Remote Root Code Execution / Privilege Escalation 0day, with CVE code CVE-2016-6662. It’s a serious vulnerability and we encourage every MariaDB Server user to read the update below on the vulnerability from a MariaDB point of view.

The vulnerability can be exploited by both local and remote users. Either an authenticated connection to, or SQL injection in, an affected version of MariaDB Server can be used to exploit the vulnerability. If successful, a library file could be loaded and executed with root privileges.

The vulnerability makes use of the mysqld_safe startup script. Users that have installed MariaDB Server 10.1.8 or later from RPM or DEB packages are not affected by the vulnerability. This is because in version 10.1.8 we started using systemd instead of init to manage the MariaDB service, and in that case the mysqld_safe startup script isn’t used.

All stable MariaDB versions (5.5, 10.0, 10.1) were fixed in August in the following versions:

    5.5.51, released on August 10th
    10.0.27, released on August 25th
    10.1.17, released on August 30th

If you’re on any of the above versions (or later) you’re protected against this vulnerability.
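The following triage script is an added example, not part of the MariaDB post or the CERT-Renater note: it classifies server version strings against the fixed releases named in this advisory (including 10.2.2 for the 10.2 alpha series) and the 10.1.8 packaging exemption. The function names, status labels and inventory entries are constructed for illustration.

```python
import re

# Fixed releases per series, taken from the advisory text.
FIXED = {(5, 5): 51, (10, 0): 27, (10, 1): 17, (10, 2): 2}
# From 10.1.8 the RPM/DEB packages use systemd, so mysqld_safe is not used.
SYSTEMD_PACKAGES_SINCE = (10, 1, 8)


def parse_version(raw):
    """Return (major, minor, patch) from a MariaDB version string."""
    # MariaDB 10.x prefixes "5.5.5-" in the protocol handshake banner;
    # drop it so "5.5.5-10.0.26-MariaDB" is read as 10.0.26.
    raw = re.sub(r"^5\.5\.5-(?=\d+\.\d+\.\d+)", "", raw.strip())
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", raw)
    if not match:
        raise ValueError(f"unrecognised version string: {raw!r}")
    return tuple(int(part) for part in match.groups())


def triage(raw_version, from_rpm_or_deb=False):
    """Classify one server against the advisory.

    Returns 'fixed', 'not_affected_systemd', 'vulnerable' or 'unlisted_series'.
    """
    version = parse_version(raw_version)
    series, patch = version[:2], version[2]
    if series not in FIXED:
        return "unlisted_series"  # the advisory names no fixed release here
    if patch >= FIXED[series]:
        return "fixed"
    if from_rpm_or_deb and version >= SYSTEMD_PACKAGES_SINCE:
        return "not_affected_systemd"  # still below the fixed release
    return "vulnerable"


# Constructed inventory: (host, version string, installed from RPM/DEB?)
INVENTORY = [
    ("db1", "5.5.50-MariaDB-1~trusty", True),
    ("db2", "5.5.5-10.0.27-MariaDB-0+deb8u1", True),
    ("db3", "10.1.14-MariaDB", True),
    ("db4", "10.1.14-MariaDB", False),  # e.g. installed from a tarball
    ("db5", "10.2.1-MariaDB", False),
]

if __name__ == "__main__":
    for host, raw, packaged in INVENTORY:
        print(f"{host:4} {raw:34} {triage(raw, packaged)}")
```

Hosts reported as not_affected_systemd are exempt only because mysqld_safe is not in the startup path; they are still below the fixed release for their series.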

If you happen to be testing an alpha version of 10.2, please be aware that the fix will be available in version 10.2.2. It is not available as of writing, but is about to be released.

For the complete report of the vulnerability, please refer to the advisory by Dawid Golunski (legalhackers.com), who discovered the vulnerability.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================