MySQL database server is widely used by online businesses to store their critical and valuable data. MariaDB and Percona are other database servers based on MySQL.

But the confidentiality and security of these database servers goes for a toss when one fine morning a vulnerability or exploit in the software gets published.

It was only a couple of months ago that the MySQL vulnerability CVE-2016-6662 ‘Remote Root Code Execution’ / ‘Privilege Escalation’ got revealed.

Two more critical vulnerabilities in MySQL has been revealed recently, which can lead to a server hack by executing arbitrary code and gaining root privilege.

MySQL Root Privilege Escalation vulnerability

Attackers can hack the database server by exploiting two vulnerabilities of the server, which arise due to insecure handling of error logs and other files of MySQL.

The first one is labeled as ‘CVE-2016-6663‘ aka ‘Privilege Escalation / Race Condition‘. Exploiting this vulnerability, a local mysql user can escalate his privileges in the server.

Once a user attains higher privileges, he can execute malicious code in the database server and hack the confidential data in it.

The second vulnerability is ‘CVE-2016-6664‘ or ‘Root Privilege Escalation‘. Hackers who gain access to the less-privileged user accounts can escalate their privilege to root level.

Once a hacker gains root access to the database server, he can compromise the entire server by stealing or destroying confidential and critical data.

This makes the two vulnerabilities critical ones and they need to be fixed without any delay, to avoid any business downtime due to server hacks.

Database servers affected by Root Privilege Escalation vulnerability

MySQL server and its derivatives such as Percona and MariaDB servers are affected by the vulnerability. The versions that are vulnerable are:

Database servers vulnerable to root privilege escalation

How to fix Root Privilege Escalation bug in MySQL

MySQL has fixed the vulnerability in its latest database server versions. To update the latest server version, the steps are:

For RedHat and CentOS servers, ‘yum’ can be used to update MySQL server.

sudo yum update mysql-server

For version changes, the previous version may have to be removed first before installing new version.

In Ubuntu and Debian servers, ‘apt-get’ can be used to update the ‘mysql-server’ package.

Update MySQL server in Ubuntu

After restarting the server after update, executing ‘mysql_upgrade’ helps to check and resolve any incompatibilities between the old data and the upgraded software.

How to fix Root Privilege Escalation exploit in Percona

Percona has fixed these critical vulnerabilities in their latest releases of Percona Server for MySQL and Percona XtraDB Cluster:

Percona database server – secure versions

So, to secure the Percona database servers from root privilege exploit, users should upgrade to their relevant incremental release. Here’s how to do it:

1. Download the latest version of Percona from the website. Choose the OS and the hardware before downloading.

2. Extract the source package.

3. Install it using rpm for Red Hat Enterprise Linux and CentOS servers. For Debian servers, use dpkg for installation. 

4. In Ubuntu, 'apt-get' can be used to update database server. The option to do this in RedHat is 'yum'.

How to mitigate Root Privilege Escalation in MariaDB

MariaDB has not yet released a secure version to address CVE-2016-6664 but they have updated their software to prevent CVE-2016-6663.

So, immediate fix to mitigate the vulnerability is to update MariaDB to these latest secure versions:

5.5.52 
10.0.28
10.1.18

To update MariaDB server to these latest versions, follow these steps:

1. Download the desired version of MariaDB from their website.

2. Shut down the old version of MariaDB running in the server.

3. Install the new version that has been downloaded.

4. Run mysql_upgrade command to update the permissions and table compatibility.

5. Restart the MariaDB server after updating the necessary configuration settings.

The fix for CVE-2016-6664 is expected to be available in their upcoming versions.

Points to note during update..

1. Always take a backup of the databases and the configuration files of server before doing an upgrade.

2. Relevant packages such as 'php-mysql' should also be updated depending on the server config.

3. A restart of the database server should be done after update and custom config settings should be added.

4. Testing the software applications and websites for proper functioning is crucial after the update.

While zero-day vulnerabilities cannot be prevented, acting immediately to apply the fix and patch is crucial to avoid a catastrophic business downtime.

At Bobcares, our 24/7 security expert team keeps track of the vulnerabilities and apply patches to our customers’ servers within no time.

If you’d like to keep your servers secure with the best practices in server security and monitor them 24/7 to minimize their exposure to attacks, we’d be happy to talk to you.

Read: How to secure database server