Critical vulnerability in MySQL

Portal published details of a critical vulnerability in MySQL (CVE-2016-6662) that also affects MariaDB and Percona Server. The report also contains information on how attackers can use that vulnerability.

Affected versions:

  • <= 5.7.15
  • <= 5.6.33
  • <= 5.5.52
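To triage an inventory against the list above, the following added example (not part of the original report) compares the leading x.y.z of each version string with the per-branch ceilings. The host names and sample strings are constructed, and the handling of MariaDB and suffixed builds is an assumption noted in the comments.

```python
import re

# Per-branch ceilings copied from the "Affected versions" list above.
AFFECTED_MAX = {
    (5, 7): 15,
    (5, 6): 33,
    (5, 5): 52,
}

_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def triage(version_string):
    """Classify a server version string.

    'affected'   : branch is on the list and patch level <= the ceiling
    'not-listed' : branch is on the list but patch level is above the ceiling
    'unknown'    : unparsable, a branch the page does not list, or MariaDB
    """
    match = _VERSION_RE.search(version_string or "")
    if match is None:
        return "unknown"
    major, minor, patch = (int(part) for part in match.groups())
    # Assumption: MariaDB numbers its releases independently of MySQL and the
    # page gives no MariaDB-specific ceilings, so do not guess for those builds.
    if "mariadb" in version_string.lower():
        return "unknown"
    # Assumption: other builds (distro or vendor suffixes such as "-log" or
    # "-0ubuntu0...") are judged on their leading x.y.z only.
    ceiling = AFFECTED_MAX.get((major, minor))
    if ceiling is None:
        return "unknown"
    return "affected" if patch <= ceiling else "not-listed"


def triage_inventory(inventory):
    """Map host -> verdict for a {host: version_string} inventory."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts, typical SELECT VERSION() shapes).
SAMPLE = {
    "db-01": "5.5.52-0ubuntu0.14.04.1",
    "db-02": "5.6.34-log",
    "db-03": "5.7.15",
    "db-04": "10.1.17-MariaDB",
    "db-05": "8.0.1-dmr",
    "db-06": "",
}

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE).items():
        print(f"{host}: {verdict}")
```

A verdict of `unknown` means the list on this page does not cover that build, not that the build is safe.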

The vulnerability allows a user with SELECT/FILE privileges to execute arbitrary code with root privileges, either remotely or locally. The currently undisclosed CVE-2016-6663 will demonstrate how to alter the configuration without FILE privileges.

Updates for distribution packages that ship previous mysql/mariadb versions have not been released yet (Ubuntu, Debian, RHEL, FreeBSD, CentOS, Fedora, SUSE). The vulnerability can be exploited even if the SELinux and AppArmor security modules are installed with default active policies for the MySQL service. However, you can minimize the risks by following these recommendations:

21 September 2016
