amuck-landowner

MySQL 5.5 5.6 5.7 0day

DomainBop

Dormant VPSB Pathogen
Date: Mon, 12 Sep 2016 12:35:27 +0200


Vulnerability: MySQL Remote Root Code Execution / Privilege Escalation 0day
CVE: CVE-2016-6662
Severity: Critical
Affected MySQL versions (including the latest):
<= 5.7.15
<= 5.6.33
<= 5.5.52


Independent research has revealed multiple severe MySQL vulnerabilities.
This advisory focuses on a critical vulnerability with a CVE ID of CVE-2016-6662.
The vulnerability affects MySQL servers in all version branches
(5.7, 5.6, and 5.5) including the latest versions, and could be exploited by
both local and remote attackers.
Both authenticated access to the MySQL database (via network
connection or web interfaces such as phpMyAdmin) and SQL Injection
could be used as exploitation vectors.


Successful exploitation could allow attackers to execute arbitrary code with
root privileges which would then allow them to fully compromise the server on
which an affected version of MySQL is running.

CVE issued this morning: http://seclists.org/oss-sec/2016/q3/481


Detailed: http://seclists.org/oss-sec/2016/q3/att-482/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt


Percona has already issued patches. Most other vendors, however: not yet.
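For triaging a server inventory against the version ranges listed in the post above, here is an added example that is not part of the original post or the advisory. It assumes each row holds the output of `SELECT @@version, @@version_comment`; the function names, result labels and sample rows are constructed for illustration.

```python
import re

# Upper bounds of the affected ranges exactly as listed in the post:
# <= 5.5.52, <= 5.6.33, <= 5.7.15
AFFECTED_MAX = {(5, 5): 52, (5, 6): 33, (5, 7): 15}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
# Builds whose maintainers may backport fixes without changing the upstream
# version number (assumption: the tag shows up in version or version_comment).
VENDOR_TAGS = ("percona", "mariadb", "ubuntu", "debian")


def triage(version, version_comment=""):
    """Return 'affected', 'check-vendor', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.groups())
    limit = AFFECTED_MAX.get((major, minor))
    if limit is None or patch > limit:
        # Outside the ranges the post lists; this says nothing about other bugs.
        return "not-listed"
    vendor = (version + " " + version_comment).lower()
    if any(tag in vendor for tag in VENDOR_TAGS):
        # In range by number, but only the vendor's advisory can settle it.
        return "check-vendor"
    return "affected"


# Constructed inventory rows: (host, @@version, @@version_comment)
SAMPLE_INVENTORY = [
    ("db01", "5.7.15-log", "MySQL Community Server (GPL)"),
    ("db02", "5.7.16", "MySQL Community Server (GPL)"),
    ("db03", "5.6.32-78.0", "Percona Server (GPL)"),
    ("db04", "5.5.52-0+deb8u1", "(Debian)"),
    ("db05", "10.1.16-MariaDB", "MariaDB Server"),
]


def triage_inventory(rows):
    """Map each host to its triage result."""
    return {host: triage(ver, comment) for host, ver, comment in rows}


if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

A `check-vendor` result means the version number falls inside the listed range but the build comes from a fork or distribution, so the vendor's own advisory decides whether it is patched.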
 