mysqld_safe in Oracle MySQL up to and including 5.5.51, 5.6.x up to and including 5.6.32, and 5.7.x up to and including 5.7.14; MariaDB; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, 5.6.x prior to 5.6.32-25.17, and 5.7.x prior to 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
Vulnerable Product |
---|
oracle mysql |
mariadb mariadb |
percona percona server |
percona xtradb cluster |

MySQL, MariaDB, and Percona pwned.
Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers. The database servers are among the world's most popular and count all major tech giants as customers including Google and its properties; Facebook; Twitter; eBay; Cisco; Amazon and Netflix, plus scores more. Legalhackers vulnerability hunter Dawid Golunski (@dawid_golunski) says the race condi...