CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation

Updated -

Red Hat Product Security has been made aware of a vulnerability where the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privilege, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. This vulnerability has been assigned

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In