MySQL Vulnerabilities Threaten Databases

Over the weekend, a prominent developer and security professional released some uncomfortable information about the MySQL open source database project to the Full Disclosure mailing list. He revealed information and exploits for a number of MySQL vulnerabilities that could let attackers gain access to a database and execute malicious code.

By: Terri Wells
December 03, 2012


The developer, Nikolaos Rangos, is also known by the online handle Kingcope. At least some of the vulnerabilities he reported have been confirmed. Some of the vulnerabilities allow users with just a few privileges to create a MySQL administrator user, which would grant them far greater access. Indeed, five of the exploits that Rangos discovered would grant attackers shell access with maximum privileges.

While those exploits call for the hacker to possess a legitimate database connection to inject and execute code, one of the other exploits can enable attackers to discover valid usernames – a first step toward carrying out one of the other exploits. ZDNet reported that this particular vulnerability, designated CVE-2012-5615, “allows an attacker to confirm whether a certain username is in use by the SQL instance as it immediately responds with 'Access denied' if the account does not exist, but provides another response if the account exists, but the supplied credentials are incorrect.”
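A defender-side illustration of the username-enumeration issue described above, added here and not part of the original article: it scans failed-login log lines and flags client hosts that were denied under many different account names, which is what enumeration looks like from the server side. The log line shape, the sample lines, the function names and the threshold are all assumptions made for this example.

```python
import re
from collections import defaultdict

# Assumed shape of a failed-login warning in the MySQL error log; adjust the
# pattern to whatever your server version and logging settings actually write.
DENIED = re.compile(r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'")

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
2012-12-03 10:15:01 41 [Warning] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2012-12-03 10:15:01 42 [Warning] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2012-12-03 10:15:02 43 [Warning] Access denied for user 'backup'@'203.0.113.7' (using password: YES)
2012-12-03 10:15:02 44 [Warning] Access denied for user 'test'@'203.0.113.7' (using password: YES)
2012-12-03 10:15:03 45 [Warning] Access denied for user 'www'@'203.0.113.7' (using password: YES)
2012-12-03 10:15:03 46 [Warning] Access denied for user 'dev'@'203.0.113.7' (using password: YES)
2012-12-03 10:16:10 47 [Note] Event Scheduler: Loaded 0 events
2012-12-03 10:17:20 48 [Warning] Access denied for user 'appuser'@'198.51.100.20' (using password: YES)
2012-12-03 10:17:31 49 [Warning] Access denied for user 'appuser'@'198.51.100.20' (using password: YES)
2012-12-03 10:17:45 50 [Warning] Access denied for user 'appuser'@'198.51.100.20' (using password: YES)
"""


def failed_logins_by_host(lines):
    """Map each client host to the set of usernames it was denied as."""
    seen = defaultdict(set)
    for line in lines:
        match = DENIED.search(line)
        if match:  # unrelated log lines are skipped
            seen[match.group("host")].add(match.group("user"))
    return seen


def enumeration_suspects(lines, min_distinct_users=5):
    """Return {host: sorted usernames} for hosts denied under many account names.

    A user who mistypes a password fails repeatedly against one account name;
    username enumeration fails against many different names from one source.
    """
    return {
        host: sorted(users)
        for host, users in failed_logins_by_host(lines).items()
        if len(users) >= min_distinct_users
    }


if __name__ == "__main__":
    for host, users in enumeration_suspects(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {len(users)} distinct usernames tried: {', '.join(users)}")
```

Counting distinct usernames rather than raw failures keeps a single misconfigured application account from triggering the alert.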

Sadly, according to Sergei Golubchik, Monty Program Vice President of Architecture and a former developer for the MySQL project before it was purchased by Sun/Oracle, some of the newly-reported vulnerabilities are far from new. One, CVE-2012-5611, duplicates an older bug, CVE-2012-5579, which has since been patched in the latest version of MariaDB. Another bug, CVE-2012-5613 (the one that lets users gain greater access), can in theory only be taken advantage of if the MySQL database is configured in a certain way – a way that is, in fact, strongly recommended against in at least two places in the MySQL reference manual. As ZDNet notes, “Nevertheless, servers that are misconfigured this way are vulnerable to attack.”

Perhaps the record for old issues not attended to belongs to the CVE-2012-5615 issue with discovering usernames mentioned above. Golubchik revealed that “This is hardly a 'zero-day' issue; it was known for, like, ten years.” He has filed the issue with Monty Program developers as a major bug.

Here is the list of issues with their identifying tracking numbers:

- CVE-2012-5611: MySQL (Linux) Stack based buffer overrun PoC Zeroday
- CVE-2012-5612: MySQL (Linux) Heap Based Overrun PoC Zeroday
- CVE-2012-5613: MySQL (Linux) Database Privilege Elevation Zeroday Exploit
- CVE-2012-5614: MySQL Denial of Service Zeroday PoC
- CVE-2012-5615: MySQL Remote Preauth User Enumeration Zeroday
