12 Sep
2016
12 Sep
'16
10:53 p.m.
hwo should that be possible from a daemon runnign with a restricted user?
Some distros run mysqld_safe under root which also reads the *.cnf files (cowered in advisory). About the CVE-2016-6663 from author: "The CVE-2016-6663 is not public yet. I refer to it in the advisory to give some heads up in case someone wanted to discard this issue based on reasoning that FILE privs are not common and that they will never be pwned etc. It'll soon be published then it'll be clear what this CVEID is about ;)" rr