Join the community today
Become a Member

MariaDB Oracle MySQL CVE-2016-6662 - fixed in MariaDB/Percona already

Discussion in 'MariaDB & General MySQL news & discussions' started by Colin, Sep 13, 2016.

  1. Colin

    Colin Premium Member Premium Member

    111
    33
    28
    Oct 7, 2015
    Sheffield UK
    Ratings:
    +83
    Local Time:
    4:53 AM
    1.11.#
    MariaDB 10.1.#
    Feel free to delete, move, merge.
    Percona mailer just altered me to their fix.
    MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

    y-combinator discussion MySQL Remote Root Code Execution/Privilege Escalation Exploit | Hacker News
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    thanks for the heads up, still reading through that info !

    from MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

    Centmin Mod /root/.my.cnf and /etc/my.cnf are owned by root user not mysql so not vulnerable for injection of malicious config file options.

    Looks like the other 2 proof of concepts require some form of mysql user access like the above 1st proof of concept. Particularly the FILE permission which regularly granted non-root mysql users don't have unless you grant FILE permissions

    MySQL Remote Root Code Execution/Privilege Escalation Exploit | Hacker News

     
    Last edited: Sep 13, 2016
  3. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    more news at MySQL Zero-Day Allows Database Takeover

    MariaDB and Percona fixed this but Oracle MySQL has not yet !
    LOL so glad I switched to MariaDB and not Oracle MySQL !

    MariaDB 10.1.17 was released on August 30, 2016 and MariaDB 10.1.17 Changelog - MariaDB Knowledge Base lists
    from that JIRA MDEV-10465 ticket
     
    Last edited: Sep 13, 2016
  4. Revenge

    Revenge Active Member

    288
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:53 AM
    1.9.x
    10.1.x
    Ya, i have read it this afternoon. MariaDB and Percona are not affected by this. They fixed it last month.
     
    • Agree Agree x 1
  5. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    yeah mean while Oracle MySQL users need to wait 48 days (between August 30th till October 18th) ! Though it does require mysql user access in the first place.

    @Colin re-titled this thread to make it clearer MariaDB / Percona already fixed :)
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    confused now Oracle MySQL 5.5.52 MySQL :: MySQL 5.5 Release Notes :: Changes in MySQL 5.5.52 (2016-09-06)

    seems was fixed ?
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    New MySQL Zero Days — Hacking Website Databases

     
  8. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    Percona's email newsletter
     
  9. Revenge

    Revenge Active Member

    288
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:53 AM
    1.9.x
    10.1.x
    MariaDB and Percona used the same fix or they both implemented their own?
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    serious enough for a separate blog post by MariaDB MariaDB - MariaDB Server versions and the Remote Root Code Execution Vulnerability CVE-2016-6662 | Centmin Mod Community

    fyi, addons/mysqladmin_shell.sh used to create mysql users and databases on Centmin Mod does not grant SUPER or FILE privileges to mysql users created
     
    Last edited: Sep 14, 2016
    • Informative Informative x 1
  11. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    not sure probably they all have their own relative fixes
     
  12. negative

    negative Member

    216
    21
    18
    Apr 11, 2015
    Ratings:
    +49
    Local Time:
    6:53 AM
    1.9.10
    10.1.11
    I have mariadb 10.1.17 already so do i need to any action for this bug fix thread? I don't understand exactly.
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    ;)
     
    • Friendly Friendly x 1