{"id":4236,"date":"2016-09-13T07:42:39","date_gmt":"2016-09-13T02:12:39","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=4236"},"modified":"2016-09-13T07:42:39","modified_gmt":"2016-09-13T02:12:39","slug":"new-mysql-zero-days-hacking-website-databases","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/new-mysql-zero-days-hacking-website-databases\/","title":{"rendered":"New MySQL Zero Days \u2014 Hacking Website Databases"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/ift.tt\/2c4gl0u\" title=\"MySQL Zero-Days \u2014 Hacking Website Databases Remotely\"><\/p>\n<div>\n<div dir=\"ltr\">\n<p>\nTwo critical zero-day vulnerabilities have been discovered in MySQL, the world&#8217;s 2nd most popular database management software, that could allow an attacker to take full control over the database.\n<\/p>\n<p>\nPolish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forks, such as MariaDB and PerconaDB.\n<\/p>\n<p>\nGolunski further went on to publish details and <a href=\"https:\/\/ift.tt\/2cpoG2D\" rel=\"nofollow\" target=\"_blank\">proof-of-concept exploit<\/a> code for CVE-2016-6662 after informing Oracle of both issues, along with the vendors of MariaDB and PerconaDB.\n<\/p>\n<p>\nBoth MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not.\n<\/p>\n<p>\nThe vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious settings into MySQL configuration files or create their own malicious ones.<\/p>\n<p><b>Exploitation Vector?<\/b><\/p>\n<p> The above flaw could be exploited either via SQL Injection or by hackers with authenticated access to the MySQL database (via a network connection or web interfaces like phpMyAdmin).\n<\/p>\n<blockquote class=\"tr_bq\"><p>\n&#8220;A successful exploitation [of CVE-2016-6662] could allow attackers to execute arbitrary code with root 
privileges which would then allow them to fully compromise the server on which an affected version of MySQL is running,&#8221; Golunski explained in an advisory published today.<\/p><\/blockquote>\n<p>\nThis could result in complete compromise of the server running the affected MySQL version.\n<\/p>\n<p>\nThe researcher also warned that the vulnerability could be exploited even if the SELinux or AppArmor Linux kernel security module is enabled with the default active policies for the MySQL service on the major Linux distributions.\n<\/p>\n<p>\nThe flaw actually resides in the mysqld_safe script that is used as a wrapper by many MySQL default packages or installations to start the MySQL service process.\n<\/p>\n<p>\nThe mysqld_safe wrapper script is executed as root, and the primary mysqld process drops its privilege level to the MySQL user, Golunski noted.\n<\/p>\n<blockquote class=\"tr_bq\"><p>\n&#8220;If an attacker managed to inject a path to their malicious library within the config, they would be able to preload an arbitrary library and thus execute arbitrary code with root privileges when MySQL service is restarted (manually, via a system update, package update, system reboot, etc.)&#8221;<\/p><\/blockquote>\n<p>\nThe researcher will soon release details and full exploit code for CVE-2016-6663, the flaw that allows low-privileged attackers to make exploitation trivial.\n<\/p>\n<p>\nGolunski reported the zero-day flaws to Oracle and the other affected vendors on July 29.\n<\/p>\n<p>\nWhile Oracle acknowledged and triaged the report, scheduling the next Oracle CPUs for October 18, 2016, MariaDB and PerconaDB patched their versions of the database software before the end of August.\n<\/p>\n<p>\nSince more than 40 days have passed and the two vendors released the patches to fix the issues, Golunski said he decided to go public with the details of the zero-days.<\/p>\n<\/div>\n<\/div>\n<p>via 
https:\/\/ift.tt\/2clFaHA<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two critical zero-day vulnerabilities have been discovered in the world&#8217;s 2nd most popular database management software MySQL that could allow an attacker to take full control over the database. Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forks such as &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/new-mysql-zero-days-hacking-website-databases\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;New MySQL Zero Days \u2014 Hacking Website Databases&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[],"class_list":["post-4236","post","type-post","status-publish","format-standard","hentry","category-itsec"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-16k","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadi
t.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4236"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4236\/revisions"}],"predecessor-version":[{"id":4237,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4236\/revisions\/4237"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}