MySQL gains new batch of vulns

Overruns, privileges, DoS and more


A series of posts on ExploitDB by an author signing as “King Cope” reveals a new set of MySQL vulnerabilities – along with one that could just be a configuration issue.

The vulnerabilities, which emerged on Saturday, include a denial-of-service demonstration, a Windows remote root attack, two overrun attacks that work on Linux, and one privilege escalation attack, also on Linux.

The overflow bugs crash the MySQL daemon, allowing the attacker to then execute commands with the same privileges as the user running MySQL. “King Cope” also demonstrated a user enumeration vulnerability.

The privilege escalation vulnerability, in which an attacker could escalate themselves to the same file permissions as the MySQL administrative user, has provoked some to-and-fro on the Full Disclosure mailing list, with one writer stating that “CVE-2012-5613 is not a bug, but a result of a misconfiguration, much like an anonymous ftp upload access to the $HOME of the ftp user.”

Red Hat has assigned CVEs to the vulnerabilities, but at the time of writing, Oracle has not commented on the issues. ®

Biting the hand that feeds IT © 1998–2022