• Announcements

    • MannDude

      Current state of vpsBoard   02/04/2017

      Dear vpsBoard members and guests:

      Over the last year or two vpsBoard activity and traffic has dwindled. I have had a change of career and interests, and as such am no longer an active member of the web hosting industry.

      Due to time constraints and new interests I no longer wish to continue to maintain vpsBoard. The web site will remain only as an archive to preserve and showcase some of the great material, guides, and industry news that has been generated by members, some of which I remain in contact to this very day and now regard as personal friends.

      I want to thank all of our members who helped make vpsBoard the fastest growing industry forum. In it's prime it was an active and ripe source of activity, news, guides and just general off-topic banter and fun.

      I wish all members and guests the very best, whether it be with your business or your personal projects.

      -MannDude
Sign in to follow this  
Followers 0
DomainBop

MySQL 5.5 5.6 5.7 0day

2 posts in this topic

Quote

 

Date: Mon, 12 Sep 2016 12:35:27 +0200

Vulnerability: MySQL Remote Root Code Execution / Privilege Escalation 0day
CVE: CVE-2016-6662
Severity: Critical
Affected MySQL versions (including the latest):
<= 5.7.15
<= 5.6.33
<= 5.5.52

An independent research has revealed multiple severe MySQL vulnerabilities.
This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662.
The vulnerability affects MySQL servers in all version branches
(5.7, 5.6, and 5.5) including the latest versions, and could be exploited by
both local and remote attackers.
Both the authenticated access to MySQL database (via network
connection or web interfaces such as phpMyAdmin) and SQL Injection
could be used as exploitation vectors.

Successful exploitation could allow attackers to execute arbitrary code with
root privileges which would then allow them to fully compromise the server on
which an affected version of MySQL is running.

 

CVE issued this morning : http://seclists.org/oss-sec/2016/q3/481

detailed: http://seclists.org/oss-sec/2016/q3/att-482/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt

Percona has already issued patches.  Most other vendors however: not yet.

 

1 person likes this

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0

  • Similar Content

    • By poomrokc
      Hello , sorry for the confusing title ,I do not speak english as my first language.(and also sorry if the topic does not fit here)
      Problem background: I just want to create a website as a competitive program grader for my school. Like complie and run source code on the server. So below is my idea and i would like some help/suggestions before i do it,I still don't know if this will work.
      Mysql usage:
      The problem one is that i would use one of the table as my user-submission queue.When user submit a code, I first put it in this table(i suppose it put the new row in the bottom of the table?) .
      Python program usage:
      I would run a 24/7 program on my server that check every 10 second  if the queue table is not empty, just run the grading process(I know how to do it) and then pop it off the queue.Then check again.
       
      PHP usage:
      When a person submit code, i will use php to put it on the queue table,but it may be the same time my python program is popping something off the queue table too. This is where I get confuse whether it will work or not.(Other usage of the php is just things about web interface which I had done before and know what to do)
       
      So,would this idea even work? Will it break my server or something?As a competitive programmer guy I don't know much snd will greatly appreciate any help from u guys. :)
       
      Thank you very much.
    • By TeenLinux
      Hello. I have a NAT IPv4 VPS from LES and I need to do a couple of things. Those include, install LightHTTPD or Nginx to use port 80 as I have my domain proxied to my VPS, install MySQL or an lightweight alternative and install PHP or a lightweight alternative. I also need to set up a Teamspeak 3 server. All of the tutorials I found (which there aren't very many due to the nature of NAT VPS) didn't work and I tried repeatedly. I use CentOS 6.x 32bit and am looking for someone to help me remotely via Teamviewer or Skype... Thanks.
    • By MannDude
      I recently needed the MySQL root password on a server of mine to complete a task but had misplaced it and was unable to locate it. Thinking that I had seriously goofed up I was worried. Luckily, resetting the password was surprisingly simple.
      All you will need is root access to your VM and about two minutes of time.
      First things first, you'll need to shutdown MySQL temporarily:
      service mysql stop Once the service has shutdown, you can proceed to restart it with the following:
      mysqld_safe --skip-grant-tables & Now you should be able to login as the MySQL root user without being prompted for a MySQL password. Give it a whirl:
      mysql -u root You should see the familiar MySQL prompt now.
       
      To reset the password you can follow the commands below:
      mysql> use mysql; mysql> update user set password=PASSWORD("MyNewMySQLPassword") where User='root'; mysql> flush privileges; mysql> quit (Obviously replacing "MyNewMySQLPassword" with a proper password)
      Restart MySQL:
      service mysql restart Check that your new MySQL password works, it should:
      mysql -u root -p  
      That's it.
    • By EricGregory
      One of our admins, Kevin Quinn took some time to do a nice write up about increasing the efficiency of MySQL by adding an index.  So far, it's been pretty well received.  We just posted it up yesterday, so head over and have a peek if you'd like.  As always, any comments or feedback are certainly welcome.
       
      http://blog.totalserversolutions.com/boost-mysql-efficiency-by-adding-an-index/
       
       
      Thanks
       
       
    • By raindog308
      I need a database in the cloud.  I have various VPSes and I'd like to coordinate the jobs they run, so I thought I'd have each write to a central DB.  I'd also like to store config, capacity planning, etc. data there.  Small stuff - probably less than 500M for a long time.   MySQL (or Maria) or PostGreSQL would be ideal but I haven't written any code yet.  I do need it to be very available/reliable.   My concerns about self-hosting it on a VPS is high availability/single point of failure/security (MySQL open to the net, though I think MySQL allows you to limit connections from only certain IPs and if not I could do that with iptables).  I could cluster but I'm thinking there might be some sort of cloud-based service?  I don't mind paying some small amount per month.   AWS RDS (Amazon's hosted MySQL) is $18/month + storage/data at its cheapest (extra small tier), and that's more than I was thinking.   There's Amazon's SimpleDB and the free tier is enough I could probably run for a long time...that's another possibility though it's entirely proprietary: http://aws.amazon.com/simpledb/pricing/   Hopefully there is a perl or python module.   My fallback would be something like MongoHQ or Amazon Dynamo.  I see this as more row-based data than document data though.