MySQL gains new batch of vulns

A series of posts on ExploitDB by an author signing as “King Cope” reveal a new set of MySQL vulnerabilities – along with one issue that could just be a configuration issue. The vulnerabilities, which emerged on Saturday, include a denial-of-service demonstration, a Windows remote root attack, two overrun attacks that work on …

This topic is closed for new posts.

Posted Tuesday 4th December 2012 04:59 GMT

pixl97

File System Permissions

If you've given users the ability to write to your mysql database directory, you've already pissed up. A sane setup should be protected from that by default. Never write anything in to the same directory that someone else can, too many opportunities for race conditions and other timing attacks.

The heap and stack attack look like they could be kind of dangerous, hack in a poorly protected site on your server, get credentials to your sql server, then dump password tables for other sites. Could see a few more big sites password lists get in the wild from this.

Posted Tuesday 4th December 2012 07:31 GMT

Katie Saucey

Re: File System Permissions

Damn, and here I am still looking for little Bobby tables vulnerabilities....

Posted Tuesday 4th December 2012 09:32 GMT

Antony Riley

Re: File System Permissions

If you already have access to the mysql user, and can write files owned by mysql, the ability to make a database user have full admin access is rather unsurprising.

Privalege escalation is not privalege escalation when you need privs higher or equal to the privs you are attempting to aquire.

The mysql user is a higher privalege than any database user account.

Posted Tuesday 4th December 2012 12:55 GMT

RICHTO

Re: File System Permissions

Should have used Microsoft SQL server....like 1 vulnerability in 7 years...Cheaper too if you need support...

Posted Tuesday 4th December 2012 15:37 GMT

Perror

Re: File System Permissions

Postgresql comes to mind also

Posted Tuesday 4th December 2012 16:56 GMT

mark1978

Re: File System Permissions

Microsoft SQL cheap? Larf.

Posted Tuesday 4th December 2012 17:15 GMT

eulampios

MS vs Oracle

like 1 vulnerability in 7 years. Microsoft is also ahead of the industry here. Hint: SQL Slammer. Compared to the wacko-run Oracle, Microsoft is truly da best of da best!

Posted Tuesday 4th December 2012 22:31 GMT

RICHTO

Re: MS vs Oracle

That would be like 10 years ago....Rather like this more recent MYSQL worm: http://www.pcworld.com/article/119490/article.html

Posted Tuesday 4th December 2012 22:38 GMT

RICHTO

Re: File System Permissions

You obviously havnt seen what Oracle charge....

Posted Wednesday 5th December 2012 00:42 GMT

eulampios

Richto

Please read first, what you post:

Thousands of Microsoft Windows machines running MySQL have been infected, according to one security expert...The new version of Forbot infects machines by taking advantage of administrator accounts with weak or nonexistent passwords. ...infects machines by exploiting loosely secured MySQL installations running on Windows machines

Why wouldn't it exploit loosely secured Linux or FreeBSD machines, like say, php?

Posted Thursday 6th December 2012 07:51 GMT

RICHTO