High-risk MySQL vulnerabilities can lead to theft of server root privileges

ID MYHACK58:62201680901
Type myhack58
Reporter Anonymous
Modified 2016-11-05T00:00:00


Last week, a Polish hacker named Dawid Golunski discovered vulnerabilities in MySQL: a remote root code execution vulnerability and a privilege escalation vulnerability. At the time, Golunski provided a PoC only for the first vulnerability, but promised to disclose more details of the second (CVE-2016-6663). On Tuesday, Golunski published PoCs for two vulnerabilities: the first PoC is for the previously mentioned high-risk privilege escalation vulnerability, and the other is for a new root privilege escalation vulnerability. By exploiting this vulnerability, an attacker can gain privileges over the entire database.

Vulnerability numbers

CVE-2016-6663
CVE-2016-6664

Affected MySQL versions

MySQL-derived versions: Percona Server, MariaDB

Vulnerability description

Privilege escalation / race condition vulnerability (CVE-2016-6663)

Of the two vulnerabilities released this week, the more serious is the race condition vulnerability. It allows a low-privileged account that has the CREATE/INSERT/SELECT privileges to escalate its privileges and execute arbitrary code as the system user. Once the vulnerability is exploited, the attacker can gain access to all databases on the database server.

Root privilege escalation (CVE-2016-6664)

The other vulnerability is a root privilege escalation vulnerability. It allows an attacker who has MySQL user rights on the system to elevate privileges to root in order to further attack the entire system. The cause of the problem is that the MySQL error log and other files are not handled securely enough: these files can be replaced with arbitrary system files and thus exploited to obtain root privileges.

This vulnerability works even better in combination with the privilege escalation vulnerability mentioned above: the attacker first uses the privilege escalation vulnerability (CVE-2016-6663) to go from an ordinary user to the system user, and then uses the root privilege escalation vulnerability (CVE-2016-6664) to escalate further to the root user.

All of these vulnerabilities can be exploited in a shared environment. In a shared environment, users have access to their own separate databases. Through these vulnerabilities, an attacker can gain privileges over all of the databases.

Vulnerability PoC

Golunski has released PoC code for the two vulnerabilities: vulnerability 1, vulnerability 2.

MySQL has fixed the two vulnerabilities and released the patch in last month's quarterly update.

Solution

We strongly advise webmasters to install the patch as soon as possible. If you cannot install the patch immediately, a temporary workaround is available: disable symbolic link support in the database server configuration by setting symbolic-links = 0 in my.cnf.
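A way to verify the temporary workaround on a server, as an added example that is not part of the original advisory or of MySQL itself: it parses my.cnf text, reports whether symbolic-links is effectively disabled for the server, and flags a configured error log that is itself a symbolic link, since the advisory attributes CVE-2016-6664 to insecure handling of the error log. The function names and the sample configurations are hypothetical; the parser does not follow !include directives.

```python
import os
import re

SERVER_GROUPS = {"mysqld", "server"}  # option groups the mysqld server reads
OFF = {"0", "off", "false"}

def server_options(cnf_text):
    """Parse my.cnf text into {option: value} for the server groups.
    Later lines override earlier ones; !include directives are not followed."""
    opts, group = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            group = header.group(1).strip().lower()
        elif group in SERVER_GROUPS:
            name, _, value = line.partition("=")
            name = name.strip().lower().replace("_", "-")  # '-' and '_' are equivalent
            value = value.split("#", 1)[0].strip().strip("'\"")
            if name == "skip-symbolic-links":  # alternate spelling of "= 0"
                name, value = "symbolic-links", "0"
            opts[name] = value
    return opts

def audit(cnf_text):
    """Return a list of findings; an empty list means both checks passed."""
    opts, findings = server_options(cnf_text), []
    setting = opts.get("symbolic-links")
    if setting is None:
        findings.append("symbolic-links not set: workaround not applied")
    elif setting.lower() not in OFF:  # bare option, 1, ON and TRUE all enable it
        findings.append("symbolic-links is enabled")
    log = opts.get("log-error")
    if log and os.path.islink(log):  # error log path is itself a symlink
        findings.append(f"error log {log} points to {os.path.realpath(log)}")
    return findings

# Constructed sample configurations (not taken from a real server).
WEAK_CNF = "[mysqld]\ndatadir = /var/lib/mysql\nsymbolic_links = ON\n"
FIXED_CNF = ("[client]\nsymbolic-links = 1\n"
             "[mysqld]\nsymbolic-links = 1\nsymbolic-links = 0  # workaround\n")

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CNF), ("fixed", FIXED_CNF)):
        print(label, audit(text) or "OK")
```

To audit a real server, pass the contents of its my.cnf to `audit()` and run the check as a user that can read the configured error log path.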