MySQL gains new batch of vulns A series of posts on ExploitDB by an author signing as “King Cope” reveal a new set of MySQL vulnerabilities – along with one issue that could just be a configuration issue. The vulnerabilities, which emerged on Saturday, include a denial-of-service demonstration, a Windows remote root attack, two overrun attacks that work on …
If you've given users the ability to write to your mysql database directory, you've already pissed up. A sane setup should be protected from that by default. Never write anything in to the same directory that someone else can, too many opportunities for race conditions and other timing attacks.
The heap and stack attack look like they could be kind of dangerous, hack in a poorly protected site on your server, get credentials to your sql server, then dump password tables for other sites. Could see a few more big sites password lists get in the wild from this.
If you already have access to the mysql user, and can write files owned by mysql, the ability to make a database user have full admin access is rather unsurprising.
Privalege escalation is not privalege escalation when you need privs higher or equal to the privs you are attempting to aquire.
The mysql user is a higher privalege than any database user account.
like 1 vulnerability in 7 years. Microsoft is also ahead of the industry here. Hint: SQL Slammer. Compared to the wacko-run Oracle, Microsoft is truly da best of da best!
Please read first, what you post:
Thousands of Microsoft Windows machines running MySQL have been infected, according to one security expert...The new version of Forbot infects machines by taking advantage of administrator accounts with weak or nonexistent passwords. ...infects machines by exploiting loosely secured MySQL installations running on Windows machines
Why wouldn't it exploit loosely secured Linux or FreeBSD machines, like say, php?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
