A critical MySQL database vulnerability has been discovered which could allow hackers to gain full control of MySQL servers, as well as MariaDB and Percona DB databases. The vulnerability (CVE-2016-6662) has also been disclosed publicly by Dawid Golunski, the security researcher who found the flaw.
The critical MySQL database vulnerability could be exploited by an attacker via SQL injection, although a successful attack could also take place if the attacker has an authenticated connection to the MySQL service. The flaw would allow the attacker to modify the MySQL configuration file. This would allow an attacker-controlled library to be executed with root privileges, if the MySQL process is started with the mysqld_safe wrapper script.
Golunski claims that the vulnerability exists in “all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions,” as well as in MariaDB and Percona DB databases.
Full details of the exploit have not been published to reduce the risk of hackers taking advantage of the flaw, although a proof-of-concept exploit has been included in an advisory released by Golunski. He also claims to have discovered a second vulnerability (CVE-2016-6663) that could make it easier to pull off an attack, although he has not published the details. They have, however, been provided to Oracle.
Details of the vulnerabilities were made available to Oracle, MariaDB and Percona DB developers and a patch was released for the latter two. Oracle is expected to release a security update to address the flaw, although not until October. Until then, MySQL admins need to take action to protect their databases from attack. As a temporary measure to prevent attacks, Golunski suggests that “users should ensure that no mySQL config files are owned by mySQL user, and create root-owned dummy my.cnf files that are not in use.”
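
An audit for the temporary measure quoted above, as an added example that is not taken from the article or from Golunski's advisory. It assumes the service account is named mysql and that the listed paths, which are common MySQL option-file locations, are the relevant ones on the host; adjust both to match the installation.

```shell
#!/bin/sh
# Added example: audit for the CVE-2016-6662 temporary mitigation.
# Assumptions (not from the article): the service account name "mysql" and
# the candidate option-file paths below, which are common MySQL defaults.

MYSQL_USER="${MYSQL_USER:-mysql}"
CANDIDATES="/etc/my.cnf /etc/mysql/my.cnf /var/lib/mysql/my.cnf /var/lib/mysql/.my.cnf"

# check_cnf USER FILE -> prints one finding line for FILE.
#   MISSING  file absent, so no root-owned dummy is holding that location
#   OWNED    file is owned by USER, so the service account can rewrite it
#   OK       file exists and is not owned by USER
check_cnf() {
    user=$1 file=$2
    if [ ! -e "$file" ]; then
        echo "MISSING $file"
    elif [ -n "$(find "$file" -prune -user "$user" 2>/dev/null)" ]; then
        echo "OWNED $file"
    else
        echo "OK $file"
    fi
}

# audit USER FILE... -> prints every finding; returns 1 if any is MISSING or OWNED.
audit() {
    user=$1; shift
    rc=0
    for f in "$@"; do
        line=$(check_cnf "$user" "$f")
        echo "$line"
        case $line in
            OK\ *) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Check the candidate list only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    # CANDIDATES is split on spaces on purpose.
    # shellcheck disable=SC2086
    audit "$MYSQL_USER" $CANDIDATES
fi
```

A MISSING or OWNED line marks a location where the advice calls for a root-owned file; OK only means the file is not owned by the service account, so directory and group write permissions still need a separate look.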