Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Critical MySQL Bugs Discovered (infoworld.com)

Posted by EditorDavid on from the debasing-the-database dept.

An anonymous reader quotes InfoWorld: Two critical privilege escalation vulnerabilities in MySQL, MariaDB, and PerconaDB can help take control of the whole server, which is very bad for shared environments... Administrators need to check their database versions, as attackers can chain two critical vulnerabilities and completely take over the server hosting the database... The first vulnerability, a privilege escalation/race condition flaw, gives elevated privileges to a local system user with access to a database and allows them to execute arbitrary code as the database system user. This gives an attacker access to all of the databases on the affected server... The privilege escalation/race condition flaw can be chained with another critical vulnerability, a root privilege escalation vulnerability, to further elevate the system level user to gain root on the server.

2 of 70 comments (clear)

  1. Re:High performance is no use with poor functional by darkain · · Score: 4, Insightful

    Apparently you are unaware of this... https://www.youtube.com/watch?...

  2. Old news (even for Slashdot) by Zontar+The+Mindless · · Score: 5, Informative

    Both of these vulnerabilities were fixed in MySQL two months ago. I assume MariaDB and Percona have long since applied the patches as well.

    So the big takeaway here is, "If you've not upgraded to the latest release yet, why the hell not?"

    --
    Il n'y a pas de Planet B.