Comments on: MySQL Zero-Day Allows An Attacker To Take Full Control Of Database ยป TechWorm https://www.epanorama.net/blog/2016/09/14/mysql-zero-day-allows-an-attacker-to-take-full-control-of-database-techworm/ All about electronics and circuit design Sun, 05 Apr 2026 18:35:45 +0000 hourly 1 http://wordpress.org/?v=3.9.14 By: Tomi Engdahl https://www.epanorama.net/blog/2016/09/14/mysql-zero-day-allows-an-attacker-to-take-full-control-of-database-techworm/comment-page-1/#comment-1513093 Wed, 14 Sep 2016 16:58:05 +0000 http://www.epanorama.net/newepa/?p=46935#comment-1513093 Bad news: MySQL can dish out root access to cunning miscreants
Good news: Oracle sneaked some patches out
http://www.theregister.co.uk/2016/09/13/mysql_security_bug/

Security holes in MySQL can be abused to gain remote root access on poorly configured servers, it emerged on Monday.

Patches to fix up the programming blunders were quietly released last week. The flaws are present in all default installations of MySQL 5.5, 5.6 and 5.7. Grab versions 5.5.52, 5.6.33 and 5.7.15 to avoid any trouble.

The bugs were discovered by Dawid Golunski, who says he reported them to MySQL overseer Oracle on July 29.

He found that you can misuse an SQL command to write arbitrary text to the open-source database’s configuration files. He has published limited proof-of-concept code showing how to open a remote root shell on a vulnerable installation.

http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

]]>