Vulnerability

Affected software: MySQL Governor versions below 1.2-46

MySQL Governor keeps semaphores in /dev/shm/ directory which is accessible from within CageFS. User can execute mkdir /dev/shm/sem.governor_bad_users_list_sem in a loop and wait for MySQL Governor to restart e.g. during update. If user wins a race, then directory is created and MySQL Governor can no longer be started due to segment violation error.

Exploit

$ while true; do mkdir /dev/shm/sem.governor_bad_users_list_sem; done

Solution

Update MySQL Governor to version 1.2-46 or later.

Timeline