[Patch] MySQL/MariaDB - Race Cond CVE-2016-6663 & Root PrivEsc CVE-2016-6664 PoC Exploits


Status
Not open for further replies.

IIXPLANET

Expert 2.0
The details of two vulnerabilities affecting MariaDB (and MySQL) were published on November 1, 2016. The two vulnerabilities are:

  • CVE-2016-6663, Privilege Escalation / Race Condition (also referred to as CVE-2016-5616)
  • CVE-2016-6664, Root Privilege Escalation (also referred to as CVE-2016-5617)

I. VULNERABILITY
-------------------------

CVE-2016-6663

MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition ( known as CVE-2016-6663 )


MariaDB
< 5.5.52
< 10.1.18
< 10.0.28

MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.14

The vulnerability affects all MySQL servers in default configuration in all
version branches (5.7, 5.6, and 5.5) including the latest versions, and could
be exploited by both local and remote attackers.
Both the authenticated access to MySQL database (via network connection or web
interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation
vectors.

As SQL Injection attacks are one of the most common issues in web applications,
the CVE-2016-6662 vulnerability could put web applications at a critical risk in
case of a successful SQL Injection attack.

A successful exploitation could allow attackers to execute arbitrary code with
root privileges which would then allow them to fully compromise the server on
which an affected version of MySQL is running.

The vulnerability can be exploited even if security modules SELinux and AppArmor
are installed with default active policies for MySQL service on major Linux
distributions.

This advisory provides a Proof-Of-Concept MySQL exploit which demonstrates how
Remote Root Code Execution could be achieved by attackers.

This bug is present in the versions listed above.

To check your MySQL version, log in to a shell and type: mysql -V


CVE-2016-6664

Remote Root Code Execution / Privilege Escalation (0day) ( known as CVE-2016-6664 )

The vulnerability affects all MySQL servers in default configuration in all
version branches (5.7, 5.6, and 5.5) including the latest versions, and could
be exploited by both local and remote attackers.
Both the authenticated access to MySQL database (via network connection or web
interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation
vectors.

As SQL Injection attacks are one of the most common issues in web applications,
the CVE-2016-6662 vulnerability could put web applications at a critical risk in
case of a successful SQL Injection attack.

A successful exploitation could allow attackers to execute arbitrary code with
root privileges which would then allow them to fully compromise the server on
which an affected version of MySQL is running.

The vulnerability can be exploited even if security modules SELinux and AppArmor
are installed with default active policies for MySQL service on major Linux
distributions.

This advisory provides a Proof-Of-Concept MySQL exploit which demonstrates how
Remote Root Code Execution could be achieved by attackers.



MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.14

MariaDB
All current

Percona Server
< 5.5.51-38.2
< 5.6.32-78-1
< 5.7.14-8

Percona XtraDB Cluster
< 5.6.32-25.17
< 5.7.14-26.17
< 5.5.41-37.0

This bug is present in the versions listed above.

To check your MySQL version, log in to a shell and type: mysql -V


Patched versions have already been released for both MariaDB and MySQL, so you can update for security.
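The version check described in the post above, as an added example that is not part of the original post: it parses a `mysql -V` banner and compares it against the CVE-2016-6663 ranges the post lists. The banner strings are constructed samples, the function names are hypothetical, and it assumes the client binary reporting the version was installed from the same package as the server.

```python
import re

# Affected ranges for CVE-2016-6663 exactly as listed in the post, keyed by
# (product, branch). Value: (boundary version, True if the boundary itself
# is affected, i.e. the post says "<=" rather than "<").
AFFECTED = {
    ("mariadb", (5, 5)): ((5, 5, 52), False),
    ("mariadb", (10, 0)): ((10, 0, 28), False),
    ("mariadb", (10, 1)): ((10, 1, 18), False),
    ("mysql", (5, 5)): ((5, 5, 51), True),
    ("mysql", (5, 6)): ((5, 6, 32), True),
    ("mysql", (5, 7)): ((5, 7, 14), True),
}

# Matches e.g. "Distrib 5.7.14," or "Distrib 10.1.17-MariaDB,"
DISTRIB = re.compile(r"Distrib (\d+)\.(\d+)\.(\d+)(\S*?),")

def parse_banner(banner):
    """Return (product, (major, minor, patch)) from `mysql -V` output."""
    m = DISTRIB.search(banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    # Assumption: any build suffix other than "-MariaDB" is treated as MySQL.
    product = "mariadb" if "mariadb" in m.group(4).lower() else "mysql"
    return product, tuple(int(x) for x in m.group(1, 2, 3))

def check(banner):
    """Return 'affected', 'patched', or 'unlisted' (branch not in the post)."""
    product, version = parse_banner(banner)
    entry = AFFECTED.get((product, version[:2]))
    if entry is None:
        return "unlisted"
    boundary, inclusive = entry
    if version < boundary or (inclusive and version == boundary):
        return "affected"
    return "patched"

# Constructed sample banners, not captured from a real host.
SAMPLES = [
    "mysql  Ver 14.14 Distrib 5.7.14, for Linux (x86_64) using  EditLine wrapper",
    "mysql  Ver 15.1 Distrib 10.1.18-MariaDB, for Linux (x86_64) using readline 5.1",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(check(banner), "<-", banner)
```

To check a live host, pass the output of `mysql -V` to `check()` in place of the sample strings.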
 

FluidaWeb

Hosting Guru
I updated all the servers yesterday, but I did not know about this bug.
 

IIXPLANET

Expert 2.0
You're welcome, bro jaapns.
@fluida Yes, I just happened to be browsing Exploit-DB the other day and saw this exploit.
 