Researcher Discloses New Batch of MySQL Vulnerabilities

Posted by samzenpus on Monday December 3, 2012 @03:55AM from the protect-ya-neck dept.

wiredmikey writes "Over the weekend, a security researcher disclosed seven security vulnerabilities related to MySQL. Of the flaws disclosed, CVE assignments have been issued for five of them. The Red Hat Security Team has opened tracking reports, and according to comments on the Full Disclosure mailing list, Oracle is aware of the zero-days, but has not yet commented on them directly. Researchers who have tested the vulnerabilities themselves state that all of them require that the system administrator failed to properly setup the MySQL server, or the firewall installed in front of it. Yet, they admit that the disclosures are legitimate, and they need to be fixed. One disclosure included details of a user privilege elevation vulnerability, which if exploited could allow an attacker with file permissions the ability to elevate its permissions to that of the MySQL admin user."

1 of 76 comments (clear)

Min score:

Reason:

Sort:

At the risk of getting modded down... by Viol8 · 2012-12-03 04:08 · Score: 0, Troll

... is someone who spends their working day just trying to poke holes and find vulnerabilities in software a "researcher"? Glorified tester maybe but thats about it. I somehow don't think these people hang around in white labcoats in clean rooms with clipboards looking at the latest results. More like some fat guy slouching with a pizza running yet another penetration program that someone else wrote.