Security researchers have identified a severe MySQL exploit that allows malicious users to execute remote commands.
The MySQL CVE-2016-6662 Exploit Is Critical
Yesterday Dawid Golunski from Legal Hackers published information about a serious MySQL remote exploit identified as CVE-2016-6662. It affects all servers running the database, as well as its clones and forks such as MariaDB.
The advisory shows that the flaw is present in the default configuration of all branches of the program. It allows malicious users to gain root privileges on the target system by altering the MySQL configuration file to include a malicious shared library. The injected arbitrary code is executed when the service restarts, whether manually by the user, during a reboot, after an update or in other scenarios.
Another method of root privilege escalation uses the FILE or SUPER permission set. Improper operating system permissions on the files and directories that hold the server's configuration files can also be used to modify critical files.
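The two conditions described above, a configuration file that references a shared library and configuration files with loose ownership or write permissions, can be checked on a host with the following Python, which is an added example and not code from the advisory or from MySQL. The ".so" heuristic, the trusted-uid default of root only, the function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import stat

# Assumption of this example: any option whose value is a path to a shared
# object (.so) in a MySQL option file deserves manual review.
SO_VALUE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*=\s*[\"']?(\S*\.so(?:\.\d+)*)[\"']?\s*$")
SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")

def find_library_directives(text):
    """Return (line_no, section, option, path) for options naming a .so file."""
    hits, section = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip comment lines
        if m := SECTION.match(line):
            section = m.group(1).strip()
        elif m := SO_VALUE.match(line):
            hits.append((no, section, m.group(1), m.group(2)))
    return hits

def permission_findings(uid, mode, trusted_uids=(0,)):
    """Flag an owner outside trusted_uids and group/other write bits."""
    findings = []
    if uid not in trusted_uids:
        findings.append("owner uid %d is not trusted" % uid)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others (mode %o)" % stat.S_IMODE(mode))
    return findings

def audit_option_file(path, trusted_uids=(0,)):
    """Run both checks against one option file on disk."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        libs = find_library_directives(fh.read())
    return {"permissions": permission_findings(st.st_uid, st.st_mode, trusted_uids),
            "library_directives": libs}

# Constructed sample; "example_preload" is a placeholder option name.
SAMPLE = """\
[mysqld]
socket = /var/run/mysqld/mysqld.sock
# old_setting = /tmp/ignored.so
[mysqld_safe]
example_preload = /var/lib/mysql/example_lib.so
"""

if __name__ == "__main__":
    print(find_library_directives(SAMPLE))
```

A hit from either check is a prompt for manual review of that file, not proof of compromise.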
The damage can be done by attackers with either privileged or unprivileged access to database accounts. The exploit can be combined with other known security issues to further increase the damage potential. The researcher also states that the vulnerability can be exploited via an SQL injection vector, which removes the need for the criminals to use a direct MySQL connection.
All users are urged to update their database servers to the latest security release. The major clones and forks such as MariaDB and Percona have also issued security updates to fix the issue.
Alternative solutions also exist, but they do not address all of the security issues, which is why a full update to the latest vendor-provided server release is required. We remind everyone that many of the world’s largest and fastest-growing organisations, including Facebook, Google, Adobe, Alcatel Lucent and Zappos, rely on MySQL.