Two critical zero-day vulnerabilities have been discovered in MySQL, the world's second most popular database management system, that could allow an attacker to take full control of the database server.
Researcher Dawid Golunski discovered several security issues in the MySQL DBMS, including a vulnerability (CVE-2016-6662) that a remote attacker can exploit to inject malicious settings into my.cnf configuration files. The flaw can be leveraged to fully compromise the DBMS by executing arbitrary code with root privileges on the server running the vulnerable MySQL instance.
CVE-2016-6662 can be exploited by an attacker who has an authenticated connection to the MySQL service (for example, in shared hosting environments) or who can trigger an SQL injection flaw, a common class of vulnerability in web applications built on the popular DBMS.
In other words, the flaw is reachable either via SQL injection or by attackers with authenticated access to the MySQL database, whether over a network connection or through web interfaces such as phpMyAdmin.
“A successful exploitation [of CVE-2016-6662] could allow attackers to execute arbitrary code with root privileges which would then allow them to fully compromise the server on which an affected version of MySQL is running,” Golunski explained in an advisory published today.
This could result in complete compromise of the server running the affected MySQL version.
No MySQL Patch Available Yet
While Oracle acknowledged and triaged the report, scheduling the fix for its next Critical Patch Update (CPU) on October 18, 2016, MariaDB and PerconaDB patched their versions of the database software before the end of August.
Because more than 40 days had passed since the report and two of the vendors had already released patches for the issues, Golunski said he decided to go public with the details of the zero-days.
Until Oracle fixes the problem in its next CPU, you can implement some temporary mitigations, proposed by the researcher, for protecting your servers.
“As temporary mitigations, users should ensure that no MySQL config files are owned by the mysql user, and create root-owned dummy my.cnf files that are not in use,” Golunski wrote.
But remember, the above mitigations are just workarounds, so you are advised to apply vendor patches as soon as they become available.
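The two interim mitigations quoted above can be checked and applied with a short script. The following is an added example written for this article, not code from the researcher's advisory or from the MySQL project; the list of config-file locations and the `mysql` service-account name are assumptions (confirm the search order on your own system with `mysqld --help --verbose | grep my.cnf`). Run `sh mysql_cnf_check.sh audit` as any user to report config files owned by the service account, and `sudo sh mysql_cnf_check.sh harden` as root to create root-owned placeholder my.cnf files in the standard locations that are currently empty.

```shell
#!/bin/sh
# Added example: audit MySQL config-file ownership and create root-owned
# placeholder my.cnf files. Not part of the original advisory or of MySQL.

# Config locations MySQL reads, in search order (ASSUMPTION: verify locally).
MYSQL_CNF_PATHS="/etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf /usr/local/mysql/etc/my.cnf"
# Service account that must never own a config file (ASSUMPTION: 'mysql').
MYSQL_SERVICE_USER="mysql"

# file_owner PATH: print the user name owning PATH (GNU stat first, BSD stat as fallback).
file_owner() {
    if stat -c %U "$1" >/dev/null 2>&1; then
        stat -c %U "$1"
    else
        stat -f %Su "$1"
    fi
}

# check_cnf_not_owned_by FILE USER: return 1 and print a warning when FILE exists
# and is owned by USER; return 0 when FILE is absent or owned by someone else.
check_cnf_not_owned_by() {
    file=$1
    baduser=$2
    [ -e "$file" ] || return 0
    owner=$(file_owner "$file")
    if [ "$owner" = "$baduser" ]; then
        echo "WARNING: $file is owned by $owner; the DB service account can rewrite it"
        return 1
    fi
    return 0
}

# ensure_dummy_cnf FILE: create an empty placeholder at FILE if nothing exists there,
# so the service account cannot later create its own. Skips paths whose directory
# is missing. Run as root so the placeholder is root-owned.
ensure_dummy_cnf() {
    file=$1
    [ -e "$file" ] && return 0
    dir=$(dirname "$file")
    [ -d "$dir" ] || return 0
    : > "$file" && chmod 644 "$file"
}

# audit_all: check every standard location; return 1 if any file is mis-owned.
audit_all() {
    status=0
    for f in $MYSQL_CNF_PATHS; do
        check_cnf_not_owned_by "$f" "$MYSQL_SERVICE_USER" || status=1
    done
    return $status
}

# harden_all: create placeholders in every standard location that is empty.
harden_all() {
    for f in $MYSQL_CNF_PATHS; do
        ensure_dummy_cnf "$f" || return 1
    done
}

case "${1:-}" in
    audit)  audit_all ;;
    harden) harden_all ;;
esac
```

The audit only reports; it does not change ownership, because a config file that is legitimately owned by the service account may be a sign of a deliberate deployment choice that should be reviewed rather than silently reverted. Note also that a placeholder only helps if the directory containing it is not writable by the service account, so check directory ownership alongside file ownership.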