Over a month ago we reported two critical zero-day vulnerabilities in the world's second most popular database management software, MySQL:
- MySQL Remote Root Code Execution (CVE-2016-6662)
- Privilege Escalation (CVE-2016-6663)
On Tuesday, Golunski released proof-of-concept (PoC) exploits for two vulnerabilities:
One is the previously promised critical privilege escalation vulnerability (CVE-2016-6663), and the other is a new root privilege escalation bug (CVE-2016-6664) that could allow an attacker to take full control over the database.
Both vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as the MySQL forks Percona Server and MariaDB.
Privilege Escalation/Race Condition Bug (CVE-2016-6663)
The more severe of the two is the race condition bug (CVE-2016-6663), which can allow a low-privileged account (with CREATE/INSERT/SELECT grants) with access to the affected database to escalate its privileges and execute arbitrary code as the database system user (i.e. 'mysql').
Once exploited, an attacker could successfully gain access to all databases within the affected database server.
Root Privilege Escalation (CVE-2016-6664)
Another critical flaw in the MySQL database is a root privilege escalation bug that could allow attackers with 'MySQL system user' privilege to further escalate their privileges to root user, allowing them to fully compromise the system.
The issue stems from unsafe file handling of error logs and other files that come under MySQL system user privileges, which allows them to be replaced with an arbitrary system file and opens the door to root privileges.
What's more troublesome? An attacker with a low-privileged account can also achieve root privilege by first exploiting the Privilege Escalation flaw (CVE-2016-6663) to become the 'MySQL system user' and thus fully compromise the targeted server.
All these vulnerabilities could be exploited in shared hosting environments where users are assigned access to separate databases. By exploiting the flaws, they could gain access to all databases.
Golunski has published the proof-of-concept exploit code (Exploit 1, Exploit 2) for both flaws and will soon upload videos.
MySQL has fixed the vulnerabilities, and all of the patches ultimately found their way into Oracle's quarterly Critical Patch Update last month.
Administrators are strongly advised to apply patches as soon as possible in order to avoid hackers seeking to exploit the vulnerabilities.
If you are unable to apply patches immediately, then as a temporary mitigation you can also disable symbolic link support within your database server configuration by setting symbolic-links = 0 in my.cnf, in an attempt to protect yourself against cyber attacks.
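
To check a server against the version ranges and the temporary mitigation described above, the following is an added example, not code from the article or from MySQL. The function names and sample option files are constructed for illustration; an unset option is assumed to mean "not mitigated", and `!include` directives are not followed.

```python
import re

# Last affected patch release per series, taken from the article (Oracle MySQL
# only; the article gives no version bounds for Percona Server or MariaDB).
LAST_AFFECTED = {(5, 5): 51, (5, 6): 32, (5, 7): 14}
OFF_VALUES = {"0", "off", "false"}

# Constructed sample option files, not taken from any real server.
SAMPLE_WEAK = "[client]\nport = 3306\n[mysqld]\ndatadir = /var/lib/mysql\nsymbolic-links = 1\n"
SAMPLE_HARDENED = "[mysqld]\nsymbolic_links = 0  # temporary mitigation\n"


def is_affected(version):
    """True/False for a series the article lists, None for any other series."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    bound = LAST_AFFECTED.get((major, minor))
    return None if bound is None else patch <= bound


def symlinks_disabled(cnf_text):
    """True only if [mysqld] ends up with symbolic link support switched off."""
    section, disabled = None, False  # assumption: unset counts as not mitigated
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] in ";!":  # blank, comment, or !include directive
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower().replace("_", "-")
        if key == "skip-symbolic-links":
            disabled = True
        elif key == "symbolic-links":  # a later line overrides an earlier one
            disabled = value.strip().strip("'\"").lower() in OFF_VALUES
    return disabled


if __name__ == "__main__":
    for name, cnf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, "symlinks disabled:", symlinks_disabled(cnf))
    for v in ("5.5.51", "5.6.33", "5.7.14-log"):
        print(v, "affected per the article:", is_affected(v))
```

A server that reports an affected version and has symbolic links enabled needs the patch first; the option change is only the stopgap the article describes.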