There has been found a security vulnerability in MySQL for Windows. The vulnerability is a privilege escalation type of vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.
By placing a specially-crafted openssl.cnf in a C:\build_area subdirectory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable MySQL software installed.
This vulnerability is addressed in the MySQL Windows installer version 8.0.24 and 5.7.34.
More information can be read here.
No comments:
Post a Comment