Home > php教程 > PHP开发 > MySQL has a high-risk vulnerability that can cause server root permissions to be stolen

MySQL has a high-risk vulnerability that can cause server root permissions to be stolen

高洛峰
Release: 2016-11-09 09:20:38
Original
1839 people have browsed it

Last week, a Polish hacker named Dawid Golunski discovered vulnerabilities in MySQL: a remote root code execution vulnerability and a privilege escalation vulnerability. At that time, Golunski only provided a proof of concept for the first vulnerability, but promised to reveal more details about the second vulnerability (CVE-2016-6663) later.

On Tuesday, Golunski announced PoC for two vulnerabilities: the first PoC targets a previous high-risk privilege escalation vulnerability, while the other PoC targets a new root privilege escalation vulnerability. Using this vulnerability, An attacker can gain access to the entire database.

Vulnerability number

CVE-2016-6663

CVE-2016-6664

Vulnerability affects

MySQL version

MySQL derivatives: Percona Server, MariaDB

Vulnerability introduction

Privilege escalation/race condition vulnerability (CVE-2016-6663)

The more serious of the two vulnerabilities released this week is the race condition vulnerability, which can allow a low-level A privileged account (with CREATE/INSERT/SELECT privileges) escalates privileges and executes arbitrary code as a system user.

Once the vulnerability is exploited, hackers can successfully obtain all databases in the database server.

Root privilege escalation (CVE-2016-6664)

Another vulnerability is the root privilege escalation vulnerability. This vulnerability allows an attacker with MySQL system user privileges to elevate privileges to root to further attack the entire system.

The reason for this problem is actually that MySQL's handling of error logs and other files is not secure enough. These files can be replaced with arbitrary system files and thus exploited to gain root privileges.

This vulnerability works better when used in conjunction with the privilege escalation vulnerability mentioned earlier - hackers first use the privilege escalation vulnerability (CVE-2016-6663) to promote ordinary users to system users, and then use the root privilege escalation vulnerability (CVE- 2016-6664) was further promoted to root user.

All these vulnerabilities can be exploited in a shared environment. In a shared environment, users can access separate databases. Through these vulnerabilities, hackers can gain access to all databases.

Vulnerability PoC

Golunski has released the PoC code for two vulnerabilities: Vulnerability 1 and Vulnerability 2.

MySQL has fixed both vulnerabilities and released patches in last month’s quarterly update.

Repair Solution

We strongly recommend that webmasters install the patch as soon as possible. If you cannot install the patch immediately, you can also use a temporary solution - turn off symbolic link support in the database server configuration (set symbolic-links in my.cnf = 0).


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Recommendations
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template