Vulnerability category: Database
Vulnerability level:
Vulnerability Information
Oracle MySQL is an open-source relational database management system (RDBMS).
The vulnerability exists in the mysqld_safe script, which many default installations and packages of MySQL use as a wrapper to start the MySQL service process. The script is executed with root privileges, while the main mysqld process lowers its privilege level to the mysql user. An attacker could exploit this vulnerability by injecting a path to a malicious library into the config, so that an arbitrary library is pre-loaded and arbitrary code is executed with root privileges when the MySQL service is restarted.
Affected Versions:
Oracle MySQL versions 5.7.15, 5.6.33, 5.5.52 and prior
Vulnerability Impact
Successful exploitation could allow remote, unauthenticated attackers to execute arbitrary code with root privileges, which would then allow them to fully compromise the server on which an affected version of MySQL is running.
Solution
N/A
Workaround:
As a temporary workaround, administrators are advised to ensure that no MySQL config files are owned by the mysql user. They are also advised to create root-owned dummy my.cnf files where none are in use.
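One way to check a host against this workaround, as an added example that is not part of the advisory: the script reports config files owned by the database user and candidate locations where no file exists yet. The function names and the paths in the usage line are assumptions; pass the locations your installation actually reads.

```shell
#!/bin/sh
# Added example: audit MySQL config file ownership per the workaround.
# Function names and the sample paths in the usage line are assumptions.
# Usage: sh audit_cnf.sh mysql /etc/my.cnf /etc/mysql/my.cnf /var/lib/mysql/my.cnf

# Print the owner of the file a path resolves to (GNU stat, then BSD stat).
owner_of() {
    stat -L -c '%U' "$1" 2>/dev/null || stat -L -f '%Su' "$1" 2>/dev/null
}

# audit_mysql_cnf DB_USER FILE...
# Prints one finding per line; returns 1 if anything needs attention, else 0.
audit_mysql_cnf() {
    db_user=$1
    shift
    findings=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            # Advisory: create a root-owned dummy my.cnf where none is in use.
            echo "MISSING $f"
            findings=1
            continue
        fi
        owner=$(owner_of "$f") || owner=
        if [ -z "$owner" ]; then
            echo "UNKNOWN_OWNER $f"
            findings=1
        elif [ "$owner" = "$db_user" ]; then
            # Advisory: no config file may be owned by the mysql user.
            echo "OWNED_BY_DB_USER $f"
            findings=1
        fi
    done
    return "$findings"
}

# Run the audit only when a user and at least one path are supplied.
if [ "$#" -gt 1 ]; then
    audit_mysql_cnf "$@"
fi
```

A `MISSING` line marks a location where a root-owned dummy file should be created; an `OWNED_BY_DB_USER` line marks a file whose ownership should be changed to root.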