Bugzilla – Bug 1020885
VUL-0: CVE-2017-3265: mariadb,mysql: unsafe chmod/chown use in init script (CPU Jan 2017)
Last modified: 2020-06-08 23:23:35 UTC
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H). Via RH: Multiple cases of insecure use of chmod and chown were found in the MySQL init script: - In database directory initialization code: https://github.com/mysql/mysql-server/blob/mysql-5.6.34/packaging/rpm-oel/mysql.init#L97 - In code handling error log file creation and permission setting: https://github.com/mysql/mysql-server/blob/mysql-5.6.34/packaging/rpm-oel/mysql.init#L73 The mysql OS user could use these flaws to escalate privileges to root. Note that the second issue is only exploitable in configurations where log file is stored in a directory writable to the mysql OS user. If log file is stored in the /var/log directory, mysql user is not able to replace it with a link to some other file. This issue was fixed in MySQL versions 5.5.54, 5.6.35, and 5.7.17. The following related entry can be found in the release notes: Initialization scripts create the error log file only if the base directory is /var/log or /var/lib. http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html MySQL upstream commit: https://github.com/mysql/mysql-server/commit/53230ba274a37fa13d65e802c6ef3766cd0c6d91#diff-5fccc3d0e109e8f9ad0653728bd1d975 References: https://bugzilla.redhat.com/show_bug.cgi?id=1414423 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3265 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3265.html
bugbot adjusting priority
SUSE-SU-2017:0408-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1020868,1020873,1020875,1020877,1020882,1020884,1020885,1020890,1020891,1020894,1020896,1022428 CVE References: CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3313,CVE-2017-3317,CVE-2017-3318 Sources used: SUSE OpenStack Cloud 5 (src): mysql-5.5.54-0.35.1 SUSE Manager Proxy 2.1 (src): mysql-5.5.54-0.35.1 SUSE Manager 2.1 (src): mysql-5.5.54-0.35.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): mysql-5.5.54-0.35.1 SUSE Linux Enterprise Server 11-SP4 (src): mysql-5.5.54-0.35.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): mysql-5.5.54-0.35.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): mysql-5.5.54-0.35.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): mysql-5.5.54-0.35.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): mysql-5.5.54-0.35.1
SUSE-SU-2017:0411-1: An update that solves 11 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1008253,1020868,1020873,1020875,1020877,1020878,1020882,1020884,1020885,1020891,1020894,1020896,1022428 CVE References: CVE-2016-6664,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3317,CVE-2017-3318 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): mariadb-10.0.29-20.23.1 SUSE Linux Enterprise Server 12-LTSS (src): mariadb-10.0.29-20.23.1
SUSE-SU-2017:0412-1: An update that solves 11 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1008253,1020868,1020873,1020875,1020877,1020878,1020882,1020884,1020885,1020891,1020894,1020896,1022428 CVE References: CVE-2016-6664,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3317,CVE-2017-3318 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP2 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Workstation Extension 12-SP1 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Server 12-SP2 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Server 12-SP1 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Desktop 12-SP2 (src): mariadb-10.0.29-22.1 SUSE Linux Enterprise Desktop 12-SP1 (src): mariadb-10.0.29-22.1
mysql ----- | Codestream | Request | |------------------------|----------| | SUSE:SLE-11-SP3:Update | #127359 | | openSUSE:Leap:42.1 | #455749 | | openSUSE:Leap:42.2 | via 42.1 | | openSUSE:Factory | #455744 | mariadb ------- | Codestream | Request | |------------------------|------------------------| | SUSE:SLE-12:Update | #127527 | | SUSE:SLE-12-SP1:Update | #127361 | | openSUSE:Leap:42.1 | using sources from SLE | | openSUSE:Leap:42.2 | using sources from SLE | | openSUSE:Factory | #455745 | All done here. I'm reassigning it back to the security-team.
This is an autogenerated message for OBS integration: This bug (1020885) was mentioned in https://build.opensuse.org/request/show/455749 42.1 / mysql-community-server
openSUSE-SU-2017:0479-1: An update that fixes 13 vulnerabilities is now available. Category: security (important) Bug References: 1020872,1020873,1020875,1020876,1020877,1020878,1020882,1020884,1020885,1020890,1020893,1020894,1020896 CVE References: CVE-2016-8318,CVE-2016-8327,CVE-2017-3238,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3273,CVE-2017-3291,CVE-2017-3312,CVE-2017-3313,CVE-2017-3317,CVE-2017-3318 Sources used: openSUSE Leap 42.1 (src): mysql-community-server-5.6.35-22.1
openSUSE-SU-2017:0486-1: An update that solves 11 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1008253,1020868,1020873,1020875,1020877,1020878,1020882,1020884,1020885,1020891,1020894,1020896,1022428 CVE References: CVE-2016-6664,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3317,CVE-2017-3318 Sources used: openSUSE Leap 42.2 (src): mariadb-10.0.29-18.1 openSUSE Leap 42.1 (src): mariadb-10.0.29-18.1
This is an autogenerated message for OBS integration: This bug (1020885) was mentioned in https://build.opensuse.org/request/show/476795 42.2 / mysql-community-server
openSUSE-SU-2017:0618-1: An update that fixes 13 vulnerabilities is now available. Category: security (important) Bug References: 1020872,1020873,1020875,1020876,1020877,1020878,1020882,1020884,1020885,1020890,1020893,1020894,1020896 CVE References: CVE-2016-8318,CVE-2016-8327,CVE-2017-3238,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3273,CVE-2017-3291,CVE-2017-3312,CVE-2017-3313,CVE-2017-3317,CVE-2017-3318 Sources used: openSUSE Leap 42.2 (src): mysql-community-server-5.6.35-22.1
released