Bobcares

How to fix ‘MySQL Remote Root Code Execution’ / ‘Privilege Escalation’ (zero-day) vulnerability – CVE-2016-6662

by | Sep 13, 2016

On Sep 12th, 2016, Dawid Golunski published an advisory for CVE-2016-6662, aka the MySQL Remote Root Code Execution / Privilege Escalation (0-day) vulnerability.

CVE-2016-6662 is rated critical: it allows local and remote attackers who can run queries against a vulnerable MySQL server to execute arbitrary code with root privileges on the host.

Attackers can thus gain full control of the compromised server, steal confidential information such as credit card details, or tamper with website content.

The majority of websites are database-driven, and most of those use MySQL or one of its forks. A vulnerability in MySQL-based database servers therefore affects a very large share of them.

How attackers exploit CVE-2016-6662 – MySQL Remote Root Code Execution / Privilege Escalation bug

Attackers exploit this vulnerability after gaining the ability to run queries against the database server, in one of these two ways:

1. By obtaining authenticated access to a MySQL database

Database credentials can be stolen in many ways. Accounts with weak or default passwords can be brute-forced over the network connection or through web interfaces such as phpMyAdmin.

2. Via SQL injection

Web applications written in PHP, ASP or any other language that builds SQL statements from user input without escaping or parameterisation are vulnerable to SQL injection: attacker-controlled text is spliced into a query, so the attacker can run statements of their own against the database, not merely read leaked data.


Once access to a suitably privileged database account is gained, the attacker uses the server itself to write a configuration file. The root privileges come later, at the next service restart: mysqld_safe, the wrapper script that starts the server, runs as root and reads that configuration before dropping privileges to the 'mysql' user.

This is the privilege escalation: the injected setting (malloc_lib, in the published advisory) points mysqld_safe at an attacker-supplied shared library, which is loaded as root when the service restarts. Once root privilege is gained the attacker can do anything on the server, which is why the vulnerability is rated critical.

By abusing MySQL's logging functions (for example, redirecting the general log to a file of their choosing) or SELECT ... INTO OUTFILE, attackers can write text of their choosing into any file the server process can create or modify:

1. Servers that are not secured properly may have config files owned by the 'mysql' user instead of root. Attackers can append malicious settings to such files.

2. Attackers can create entirely new configuration files with malicious parameters in directories the 'mysql' user can write to, such as the MySQL data directory, because mysqld_safe also reads my.cnf from there.

3. The write is performed by the server process, so it succeeds with the mysql user's filesystem permissions regardless of what the attacker's own login can touch. The database account only needs the FILE privilege (SUPER as well, for the logging variant) to trigger it; the root privileges come from mysqld_safe applying the injected setting at the next restart.

Are your servers vulnerable to MySQL Remote Root Code Execution (CVE-2016-6662)?

CVE-2016-6662 was published as a zero-day: the advisory, together with a proof-of-concept exploit, appeared before the affected vendors had shipped a fix, so every installation running an affected version was exposed from the moment of publication.

Defending against a zero-day is harder than against a known bug because no official patch is available from the vendor yet; until one ships, the only options are workarounds and hardening.

The MySQL Remote Root Code Execution / Privilege Escalation vulnerability affects servers running the following versions, which were the latest releases at the time, and all earlier releases in each series:

MySQL server versions up to and including:

5.7.15
5.6.33
5.5.52

Since Percona Server and MariaDB are derived from the MySQL code base (including the mysqld_safe start-up wrapper), servers running unpatched versions of those are also affected.
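As an added example (not part of the original post), here is a small POSIX sh check that reads a `mysqld --version` line and compares it against the affected MySQL releases listed above and the Percona Server and MariaDB releases that ship the fix, as given in the next two sections. It assumes awk and sed are available; on a real host feed it the output of `mysqld --version`. The version lines used while writing it are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: classify a `mysqld --version`
# line against the affected and patched releases listed in this article.

# version_le A B: exit 0 when dotted version A <= B, compared numerically
# component by component (missing components count as 0).
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "[.]"); m = split(b, y, "[.]"); k = (n > m ? n : m)
    for (i = 1; i <= k; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 0
  }'
}

# check_version LINE: print a verdict for one `mysqld --version` line.
# Exit status: 0 = vulnerable, 1 = patched, 2 = not covered by the advisory's list.
check_version() {
  line=$1; fixed=; last_bad=
  case $line in
    *MariaDB*) flavor=MariaDB ;;
    *Percona*) flavor=Percona ;;
    *)         flavor=MySQL ;;
  esac
  # Version token after "Ver ", keeping a Percona-style "-78.0" suffix if present.
  ver=$(printf '%s\n' "$line" | sed -n 's/.*Ver \([0-9][0-9.]*\(-[0-9][0-9.]*\)\{0,1\}\).*/\1/p')
  if [ -z "$ver" ]; then echo "cannot parse: $line"; return 2; fi
  norm=$(printf '%s' "$ver" | tr '-' '.')        # 5.6.32-78.0 -> 5.6.32.78.0
  series=$(printf '%s' "$norm" | cut -d. -f1,2)  # 5.6
  case "$flavor/$series" in
    Percona/5.5)  fixed=5.5.51-38.1 ;;
    Percona/5.6)  fixed=5.6.32-78.0 ;;
    Percona/5.7)  fixed=5.7.14-7 ;;
    MariaDB/5.5)  fixed=5.5.51 ;;
    MariaDB/10.0) fixed=10.0.27 ;;
    MariaDB/10.1) fixed=10.1.17 ;;
    MySQL/5.5)    last_bad=5.5.52 ;;   # no Oracle fix at the time of writing
    MySQL/5.6)    last_bad=5.6.33 ;;
    MySQL/5.7)    last_bad=5.7.15 ;;
    *) echo "$flavor $ver: series not in the advisory's list, check vendor notes"; return 2 ;;
  esac
  if [ -n "$fixed" ]; then
    if version_le "$(printf '%s' "$fixed" | tr '-' '.')" "$norm"; then
      echo "$flavor $ver: patched (fix shipped in $fixed)"; return 1
    fi
    echo "$flavor $ver: VULNERABLE, upgrade to $fixed or later"; return 0
  fi
  if version_le "$norm" "$last_bad"; then
    echo "$flavor $ver: VULNERABLE, no vendor fix yet, apply the mitigations"; return 0
  fi
  echo "$flavor $ver: newer than $last_bad, check Oracle's release notes"; return 2
}

# Stand-alone use on a host: check_version "$(mysqld --version)"
```

The Percona build number after the dash is part of the comparison on purpose: Percona's fixed 5.6.32-78.0 is based on upstream 5.6.32, which would look vulnerable if only the upstream part were compared against MySQL's 5.6.33.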

How to fix ‘MySQL Remote Root Code Execution’ / ‘Privilege Escalation’ vulnerability in Percona server

Percona has fixed the bug and released the following patched versions:

Percona Server 5.5.51-38.1
Percona Server 5.6.32-78.0
Percona Server 5.7.14-7

Here's how to update Percona Server to a fixed version:

1. Obtain the patched package for your OS and architecture from Percona's download page or, preferably, from their package repository.

2. Back up the configuration files and databases, then stop the running server.

3. Install the package with rpm or yum on Red Hat Enterprise Linux and CentOS, or with dpkg or apt on Debian and Ubuntu.

Restart the Percona server. It now runs a version that is not affected by the ‘MySQL Remote Root Code Execution’ / ‘Privilege Escalation’ vulnerability; confirm with mysqld --version.

How to fix ‘MySQL Remote Root Code Execution’ / ‘Privilege Escalation’ bug in MariaDB server

The MariaDB team has shipped the fix in the following releases:

MariaDB 10.1.17
MariaDB 10.0.27
MariaDB 5.5.51

To update a MariaDB server to one of these versions, follow these steps:

1. Obtain the fixed version of MariaDB for your distribution from MariaDB's download page or package repository.

2. Shut down the old MariaDB server running on the host, after backing up its configuration and data.

3. Install the downloaded version.

4. Start the server and run mysql_upgrade to update the privilege tables and check the existing tables for compatibility with the new version.

5. Restart the MariaDB server once any configuration settings the new version requires have been updated.
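As an added example, not the post's own procedure or a vendor script, the following shell functions carry out the upgrade steps above for either Percona Server or MariaDB, taking the configuration and data backup that the post recommends before anything is touched. The package name, the service name and the data directory are assumptions that depend on the host and on which vendor repository it uses: mariadb-server (Debian/Ubuntu) or MariaDB-server (MariaDB's yum repository), percona-server-server-5.7 (Debian/Ubuntu) or Percona-Server-server-57 (RHEL/CentOS). The files used while testing the backup functions are constructed.

```shell
#!/bin/sh
# Added example, not from the original post or any vendor: backup, then the
# upgrade steps described in the article. Assumed defaults below; override
# with environment variables on the host.
SERVICE=${SERVICE:-mysql}
DATADIR=${DATADIR:-/var/lib/mysql}
BACKUP_ROOT=${BACKUP_ROOT:-/root/mysql-upgrade-backups}

# backup_config DEST FILE...: copy each existing config file under DEST,
# keeping its absolute path (DEST/etc/my.cnf ...). Prints how many were copied.
backup_config() {
  dest=$1; shift; n=0
  for f in "$@"; do
    [ -f "$f" ] || continue               # unmatched globs and absent files are skipped
    mkdir -p "$dest$(dirname "$f")"
    cp -p "$f" "$dest$f"
    n=$((n + 1))
  done
  echo "$n"
}

# backup_data DEST DATADIR: cold copy of the whole data directory; the server
# must be stopped first. Prints the path of the copy.
backup_data() {
  dest=$1; datadir=$2
  mkdir -p "$dest"
  cp -a "$datadir" "$dest/"
  echo "$dest/$(basename "$datadir")"
}

# upgrade_server PKG: the article's steps, in order. PKG is the vendor package
# for the running series (assumed names: mariadb-server, MariaDB-server,
# percona-server-server-5.7, Percona-Server-server-57; check your repository).
# Not exercised by the test; run as root on the host.
upgrade_server() {
  pkg=$1
  [ -n "$pkg" ] || { echo "usage: upgrade_server PACKAGE" >&2; return 2; }
  dest="$BACKUP_ROOT/$(date +%Y%m%d-%H%M%S)"
  backup_config "$dest" /etc/my.cnf /etc/mysql/my.cnf /etc/my.cnf.d/*.cnf /etc/mysql/conf.d/*.cnf >/dev/null
  service "$SERVICE" stop                       # 1. shut the old version down
  backup_data "$dest" "$DATADIR" >/dev/null     # cold copy of the databases
  if command -v apt-get >/dev/null 2>&1; then   # 2. install the patched package
    apt-get install -y --only-upgrade "$pkg"
  else
    yum update -y "$pkg"
  fi
  service "$SERVICE" start                      # 3. start the new binary ...
  mysql_upgrade                                 #    ... and let it fix up the system tables
  service "$SERVICE" restart                    # 4. restart so every session uses the upgraded tables
}
```

Keep the backup on a different disk or host if the data directory is large; `cp -a` into /root is only adequate for small installations, and a cold copy is the one you can restore from without mysqldump.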

How to fix CVE-2016-6662 vulnerability in MySQL server

At the time of writing (13 Sep 2016) Oracle has not released a patched MySQL version. MySQL backs most database-driven websites, so it is crucial to mitigate the attack until the new version is released.

Until a patch is available, the immediate mitigation is to make sure the 'mysql' OS user cannot create or modify any configuration file that mysqld_safe reads at start-up.

Examine the server and ensure that every MySQL config file (/etc/my.cnf, /etc/mysql/my.cnf and any file under /etc/my.cnf.d or /etc/mysql/conf.d) is owned by root and is not writable by the 'mysql' user.

Also create an empty, root-owned placeholder my.cnf in the MySQL data directory (/var/lib/mysql by default), which is writable by 'mysql': if the file already exists and is owned by root, the server cannot be tricked into creating one there.

To fix the ownership and permissions of the main config file, use:

chown root:root /etc/my.cnf
chmod 644 /etc/my.cnf

Scan the server for weak passwords and secure all database user accounts; implement a strong password policy if you have not already. Also review which database accounts hold the FILE privilege (and SUPER), since the published attack needs FILE to write the file in the first place, and revoke it from application accounts that do not need it.

As soon as Oracle releases the patched version it has to be installed: the steps above only reduce the exposure, they do not remove the bug.
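As an added example (not from the original post), the script below automates the checks just described: it audits the files mysqld_safe reads for wrong ownership and loose write permissions, looks for an already-planted malloc_lib setting in the data directory, and creates the root-owned placeholder my.cnf. It assumes Linux with GNU stat and find, a data directory of /var/lib/mysql unless DATADIR is set, and must run as root to fix anything; EXPECTED_UID is 0 (root) on a real host, and the files used while testing it are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit and harden the files that
# mysqld_safe reads on start-up, which is where an injected setting has to land
# for CVE-2016-6662 to yield root. Assumes Linux (GNU stat/find). EXPECTED_UID
# is 0 (root) on a real host; the test points it at the current user so it
# can run unprivileged.
EXPECTED_UID=${EXPECTED_UID:-0}

# audit_cnf FILE...: flag files not owned by EXPECTED_UID or writable by
# group/other. Missing files are skipped. Exit 0 only when everything is clean.
audit_cnf() {
  bad=0
  for f in "$@"; do
    [ -e "$f" ] || continue
    uid=$(stat -c '%u' "$f")
    mode=$(stat -c '%a' "$f")
    if [ "$uid" != "$EXPECTED_UID" ]; then
      echo "WRONG OWNER (uid $uid): $f"; bad=1
    elif [ $(( 0$mode & 022 )) -ne 0 ]; then   # group- or world-writable bits set
      echo "WRITABLE ($mode): $f"; bad=1
    else
      echo "ok: $f"
    fi
  done
  return $bad
}

# find_planted_cnf DATADIR: list .cnf files under DATADIR that set malloc_lib,
# the option the published advisory abuses. Exit 1 if any are found.
find_planted_cnf() {
  hits=$(find "$1" -maxdepth 2 -name '*.cnf' -exec grep -lE '^[[:space:]]*malloc[-_]lib' {} \; 2>/dev/null)
  if [ -n "$hits" ]; then
    printf 'malloc_lib set in:\n%s\n' "$hits"; return 1
  fi
  return 0
}

# place_placeholder DATADIR: make sure DATADIR/my.cnf exists, is owned by
# EXPECTED_UID and is not writable by the mysql user, so the server cannot be
# made to create one there. An existing file is audited, never overwritten.
place_placeholder() {
  f="$1/my.cnf"
  if [ -e "$f" ]; then
    echo "$f already exists, review its contents before trusting it"
    audit_cnf "$f"
    return
  fi
  : > "$f" && chown "$EXPECTED_UID" "$f" && chmod 0644 "$f"
}

# Stand-alone run (as root): audit the usual locations, then add the placeholder.
if [ "${1:-}" = --run ]; then
  DATADIR=${DATADIR:-/var/lib/mysql}
  audit_cnf /etc/my.cnf /etc/mysql/my.cnf /etc/my.cnf.d/*.cnf /etc/mysql/conf.d/*.cnf "$DATADIR/my.cnf" ~mysql/.my.cnf
  find_planted_cnf "$DATADIR"
  place_placeholder "$DATADIR"
fi
```

Run it with `--run` as root; anything reported as WRONG OWNER or WRITABLE is a file the exploit could use, and a malloc_lib hit in the data directory means the server has probably already been attacked and the library it points to should be treated as hostile.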


Points to note..

MySQL upgrades should always be done with care: even a minor change in defaults between versions can break database-driven websites.

Always keep a backup of the configuration files and the databases before upgrading, and test the upgrade on a copy of the server first.

Backups and test installs let you revert the server to a working state if something goes wrong during the upgrade.

In short..

Zero-day vulnerabilities cannot be prevented, so acting immediately to apply the mitigation and then the vendor's patch is crucial to avoid a catastrophic outage.

At Bobcares, our 24/7 security team keeps track of published vulnerabilities and applies patches to our customers' servers without delay.

We keep servers secure with server-security best practices and monitor them 24/7 to minimize their exposure to attacks.
