It’s been a busy month for file vulnerabilities. Thanks to Dawid Golunski at legalhackers.com for giving us all the opportunity to tighten security in our MySQL, MariaDB, and Percona Server instances.

Details were released for CVE-2016-6663, mentioned last week, and for a new one, CVE-2016-6664:

http://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html

http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html

Note that CVE-2016-6664 depends on CVE-2016-6663, and 6663 can be mitigated by turning off symbolic_links (symbolic_links=0). Upgrading to the latest versions also fixes the problem. Regardless, the attacker needs to have access to the box.

You can mitigate this issue by setting symbolic_links=0, but we recommend upgrading to permanently fix the issue. If you are using symbolic_links in your environment, your only solution is to upgrade. Oracle MySQL, MariaDB, and Percona Server have each patched this in their latest versions. As always, ensure that your database servers are not accessible outside your network.
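As an added example (not from the original post or from any vendor), here is a section-aware check of a my.cnf-style option file for the mitigation above. It assumes symbolic links are enabled when the option is absent and that booleans are switched off with 0/OFF/FALSE; it does not follow `!include` directives, and `symlinks_enabled` and `SAMPLE_CNF` are illustrative names.

```python
# Boolean spellings that switch an option off (assumed: 0/OFF/FALSE).
FALSE_VALUES = {"0", "off", "false"}
# Option groups mysqld reads; version-specific groups are not covered here.
SERVER_GROUPS = {"mysqld", "server"}

def symlinks_enabled(cnf_text, default=True):
    """Return True if symbolic links end up enabled for the server.

    default=True is an assumption: it models a server that enables
    symbolic links when the option is absent.
    """
    enabled = default
    group = None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop '#' comments
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group not in SERVER_GROUPS:
            continue                              # e.g. [client] does not count
        key, _, value = line.partition("=")
        key = key.strip().replace("_", "-")       # both spellings are accepted
        value = value.strip().strip("'\"").lower()
        if key in ("skip-symbolic-links", "disable-symbolic-links"):
            enabled = False
        elif key in ("symbolic-links", "enable-symbolic-links"):
            # Bare option or any value not clearly false counts as enabled,
            # so the audit errs towards flagging.
            enabled = value not in FALSE_VALUES
        # Later lines override earlier ones, as in option-file processing.
    return enabled

# Constructed sample: the [client] line is irrelevant, the last [mysqld] line wins.
SAMPLE_CNF = """\
[client]
symbolic-links=0
[mysqld]
datadir=/var/lib/mysql
symbolic_links=1
symbolic-links = OFF   # mitigation for CVE-2016-6663
"""

if __name__ == "__main__":
    state = "ENABLED (mitigation missing)" if symlinks_enabled(SAMPLE_CNF) else "disabled"
    print("symbolic links:", state)
```

The option file is only part of the picture: a value passed on the mysqld command line overrides it, so confirm the result against the running server as well.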

(Originally published at: https://www.pythian.com/blog/new-mysql-file-system-vulnerabilities/)