It is hard to find a single day without news of a hacking issue. Every day brings cybercrime-related problems, and solving them has become a tough task. This time the issue concerns databases: MySQL zero-days that allow a hacker to take full control of the database. Let's look at the reasons behind it.
Two critical zero-days, CVE-2016-6662 and CVE-2016-6663, were discovered by the Polish security researcher Dawid Golunski. They affect all currently supported MySQL versions as well as its forks, such as MariaDB and PerconaDB. The vulnerability CVE-2016-6662 lets hackers inject malicious settings into MySQL configuration files or create their own malicious ones. Both MariaDB and PerconaDB have fixed the weaknesses, but Oracle has not.
The flaw mentioned above can be exploited either through SQL injection or by hackers with authenticated access to the MySQL database. Researchers also warned that the vulnerability can be exploited even if the SELinux or AppArmor Linux kernel security modules are enabled.
The flaw resides in the mysqld_safe script, which many default MySQL packages and installations use as a wrapper to start the MySQL service process. The mysqld_safe wrapper script is executed as root, and the primary mysqld process drops its privilege level to the mysql user. The researcher now plans to release the full exploit code for CVE-2016-6663, the flaw that allows low-privileged attackers to make exploitation trivial. Note that a MySQL patch has not been released yet.
It has taken a long time to fix this issue, so Golunski decided to go public with the details of the zero-days. Until Oracle fixes the problem in its next Critical Patch Update (CPU), you can implement some temporary mitigations to protect your servers. You are also advised to apply vendor patches as soon as they become available.
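Since the attack depends on the database account being able to modify or create a configuration file that the root-run wrapper later reads, one useful interim check is to audit those files' ownership and permissions. The script below is an added example, not code from the researcher or from this article; the file locations, the `mysql` account name and the function names are assumptions to adapt to your installation.

```python
import os
import stat
import sys

# Assumed typical option-file locations; adjust for the installation.
DEFAULT_PATHS = ["/etc/my.cnf", "/etc/mysql/my.cnf", "/var/lib/mysql/my.cnf"]

def writable_by(st, uid, gids=()):
    """True if an account with this uid and these gids could modify the inode."""
    if st.st_uid == uid:
        return True  # an owner can always chmod the file and then write it
    if st.st_gid in gids and st.st_mode & stat.S_IWGRP:
        return True
    return bool(st.st_mode & stat.S_IWOTH)

def audit_option_files(paths, uid, gids=()):
    """Return (path, finding) pairs for option files the account could alter or create."""
    findings = []
    for path in paths:
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            # A missing file matters if the account can create it.
            try:
                parent = os.stat(os.path.dirname(path) or ".")
            except FileNotFoundError:
                continue
            if writable_by(parent, uid, gids):
                findings.append((path, "missing, parent directory writable"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
        elif writable_by(st, uid, gids):
            findings.append((path, "writable by service account"))
    return findings

if __name__ == "__main__":
    import pwd
    try:
        acct = pwd.getpwnam("mysql")  # assumed service account name
    except KeyError:
        sys.exit("no 'mysql' account on this host")
    results = audit_option_files(DEFAULT_PATHS, acct.pw_uid, [acct.pw_gid])
    for path, finding in results:
        print(f"{path}: {finding}")
    sys.exit(1 if results else 0)
```

Run it as root so every path can be inspected; a non-zero exit status means at least one configuration file can be changed or created by the database account and should be re-owned to root.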