back to article MySQL gains new batch of vulns

A series of posts on ExploitDB by an author signing as “King Cope” reveal a new set of MySQL vulnerabilities – along with one issue that could just be a configuration issue. The vulnerabilities, which emerged on Saturday, include a denial-of-service demonstration, a Windows remote root attack, two overrun attacks that work on …

COMMENTS

This topic is closed for new posts.
  1. pixl97

    File System Permissions

    If you've given users the ability to write to your mysql database directory, you've already pissed up. A sane setup should be protected from that by default. Never write anything in to the same directory that someone else can, too many opportunities for race conditions and other timing attacks.

    The heap and stack attack look like they could be kind of dangerous, hack in a poorly protected site on your server, get credentials to your sql server, then dump password tables for other sites. Could see a few more big sites password lists get in the wild from this.

    1. Katie Saucey
      Mushroom

      Re: File System Permissions

      Damn, and here I am still looking for little Bobby tables vulnerabilities....

    2. Antony Riley
      Thumb Up

      Re: File System Permissions

      If you already have access to the mysql user, and can write files owned by mysql, the ability to make a database user have full admin access is rather unsurprising.

      Privalege escalation is not privalege escalation when you need privs higher or equal to the privs you are attempting to aquire.

      The mysql user is a higher privalege than any database user account.

    3. RICHTO Silver badge
      Mushroom

      Re: File System Permissions

      Should have used Microsoft SQL server....like 1 vulnerability in 7 years...Cheaper too if you need support...

      1. Perror

        Re: File System Permissions

        Postgresql comes to mind also

      2. mark1978
        WTF?

        Re: File System Permissions

        Microsoft SQL cheap? Larf.

        1. RICHTO Silver badge
          Mushroom

          Re: File System Permissions

          You obviously havnt seen what Oracle charge....

      3. eulampios

        MS vs Oracle

        like 1 vulnerability in 7 years. Microsoft is also ahead of the industry here. Hint: SQL Slammer. Compared to the wacko-run Oracle, Microsoft is truly da best of da best!

        1. RICHTO Silver badge
          Mushroom

          Re: MS vs Oracle

          That would be like 10 years ago....Rather like this more recent MYSQL worm: http://www.pcworld.com/article/119490/article.html

          1. eulampios

            Richto

            Please read first, what you post:

            Thousands of Microsoft Windows machines running MySQL have been infected, according to one security expert...The new version of Forbot infects machines by taking advantage of administrator accounts with weak or nonexistent passwords. ...infects machines by exploiting loosely secured MySQL installations running on Windows machines

            Why wouldn't it exploit loosely secured Linux or FreeBSD machines, like say, php?

            1. RICHTO Silver badge
              Mushroom

              Re: Richto

              That's like asking why the Slapper worm only runs on Linux....

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019