Home Blog MySQL is Vulnerable to Server Root Access Vulnerability(Exploit Released)

MySQL is Vulnerable to Server Root Access Vulnerability(Exploit Released)

92
0

Critical vulnerabilities have been found in one of the most popular databases i.e. MySQL.

David Golunski, a security researcher discovered two zero days, which allow an attacker to access the complete database. All the current supported versions of MySQL are vulnerable to this vulnerability.

  • MySQL Remote Root Code Execution (CVE-2016-6662)
  • Privilege Escalation (CVE-2016-6663)

Earlier David Golunski published exploit for CVE-2016-6662  at his blog. He reported this issue to Oracle but they didn’t fix it.

Golunski promised to publish exploit for another bug(CVE-2016-6663) too.
Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks – Percona Server and MariaDB.
Now Golunski has published the proof-of-concept exploit code for both the vulnerabilities.
Exploit 1
Exploit 2
The vulnerabilities have been fixed by their vendors and released a security patch for these.

 

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here