CVE-2016-6663, CVE-2016-5616: MariaDB/MySQL/PerconaDB – Root Privilege Escalation
Independent research has revealed a race condition vulnerability which is present in the MySQL, MariaDB and PerconaDB databases.
The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql'). Successful exploitation would allow an attacker to gain access to all of the databases stored on the affected database server.
The level of access obtained upon exploitation could be chained with the other privilege escalation vulnerabilities discovered by the author of this advisory (CVE-2016-6662 and CVE-2016-6664) to further escalate privileges from the mysql user to the root user and thus allow attackers to fully compromise the target server. Vulnerable versions are:
How to fix
MariaDB/MySQL/PerconaDB vendors have received a copy of this advisory in advance which allowed them to produce patches for this vulnerability before disclosure.
Update to the security releases issued by the vendor. As a temporary mitigation, you can disable symbolic link support in the database server configuration with the following my.cnf config setting:
symbolic-links = 0
Nevertheless, an update to a patched release is recommended.
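As an added example (not part of the original advisory), the following my.cnf fragment shows where the temporary mitigation belongs and what it replaces. The option must sit in the [mysqld] section; the section layout and the commented-out "before" line are assumptions for illustration, not text from the advisory.

```ini
[mysqld]
# Before: symbolic link support enabled, which is the default on
# affected releases (kept here only for comparison)
# symbolic-links = 1

# Temporary mitigation from the advisory: make the server refuse to
# follow symbolic links inside the data directory. Equivalent to
# starting mysqld with --skip-symbolic-links.
symbolic-links = 0
```

Restart the server after the change and confirm it took effect with `SHOW VARIABLES LIKE 'have_symlink';`, which should report `DISABLED`. Note that with symbolic links disabled the server ignores the `DATA DIRECTORY` and `INDEX DIRECTORY` table options, so check whether any existing tables rely on them before applying the mitigation.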
PROOF OF CONCEPT EXPLOIT
Source: http://legalhackers.com/