
How to fix Root Privilege Escalation vulnerability (CVE-2016-6664) in MySQL, MariaDB and PerconaDB


MySQL database server is widely used by online businesses to store their critical and valuable data. MariaDB and Percona are other database servers based on MySQL.

But the confidentiality and security of these database servers go for a toss when, one fine morning, a vulnerability or exploit in the software gets published.

It was only a couple of months ago that the MySQL vulnerability CVE-2016-6662 ‘Remote Root Code Execution’ / ‘Privilege Escalation’ got revealed.

Two more critical vulnerabilities in MySQL have been revealed recently, which can lead to a server hack by executing arbitrary code and gaining root privilege.

MySQL Root Privilege Escalation vulnerability

Attackers can hack the database server by exploiting two vulnerabilities of the server, which arise due to insecure handling of error logs and other files of MySQL.

The first one is labeled as ‘CVE-2016-6663’ aka ‘Privilege Escalation / Race Condition’. Exploiting this vulnerability, a local mysql user can escalate his privileges in the server.

Once a user attains higher privileges, he can execute malicious code in the database server and hack the confidential data in it.

The second vulnerability is ‘CVE-2016-6664’ or ‘Root Privilege Escalation’. Hackers who gain access to the less-privileged user accounts can escalate their privilege to root level.

Once a hacker gains root access to the database server, he can compromise the entire server by stealing or destroying confidential and critical data.

This makes the two vulnerabilities critical ones and they need to be fixed without any delay, to avoid any business downtime due to server hacks.

Database servers affected by Root Privilege Escalation vulnerability

MySQL server and its derivatives such as Percona and MariaDB servers are affected by the vulnerability. The versions that are vulnerable are:

[Image: Database servers vulnerable to root privilege escalation]

How to fix Root Privilege Escalation bug in MySQL

MySQL has fixed the vulnerability in its latest database server versions. To update to the latest server version, the steps are:

For RedHat and CentOS servers, ‘yum’ can be used to update MySQL server.

sudo yum update mysql-server

For version changes, the previous version may have to be removed first before installing the new version.

In Ubuntu and Debian servers, ‘apt-get’ can be used to update the ‘mysql-server’ package.

 

[Image: Update MySQL server in Ubuntu]

Once the server has been restarted following the update, running ‘mysql_upgrade’ helps to check and resolve any incompatibilities between the old data and the upgraded software.
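To confirm that the update actually put the server at or above the fixed release, the following is an added example (not part of the original article) that parses the ‘mysqld --version’ banner for MySQL, Percona or MariaDB and compares it numerically. The helper names and the MIN_FIXED variable are assumptions of this example; take the MIN_FIXED value from your vendor's advisory for the branch you run.

```shell
#!/bin/sh
# Added example: post-update check. Helper names and MIN_FIXED are assumptions.
# Banner shape handled (constructed sample): "mysqld  Ver 5.6.10 for Linux ..."

# Pull the x.y.z version out of a `mysqld --version` banner; Percona
# ("x.y.z-NN.N") and MariaDB ("x.y.z-MariaDB") suffixes are dropped.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*Ver \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= $2, comparing field by field as numbers
# (so 5.10.0 is newer than 5.9.9, which a plain string compare gets wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# 0 = at or above the fixed release, 1 = still older, 2 = banner not parsed.
check_banner() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$2"
}

# Live check, run only when MIN_FIXED is set in the environment.
if [ -n "${MIN_FIXED:-}" ]; then
    rc=0
    check_banner "$(mysqld --version 2>/dev/null)" "$MIN_FIXED" || rc=$?
    case $rc in
        0) echo "OK: server is at or above $MIN_FIXED" ;;
        1) echo "NOT UPDATED: server is older than $MIN_FIXED" ;;
        *) echo "UNKNOWN: could not read 'mysqld --version' (is mysqld on PATH?)" ;;
    esac
fi
```

Run it after the restart and ‘mysql_upgrade’; a result of NOT UPDATED usually means the package manager kept the old branch and the previous version has to be removed first, as noted above.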

