These vulnerabilities could be exploited in shared hosting environments to gain access to all databases

Some weeks ago i have reported about 2 critical 0Day vulnerabilities of MySQL (and his forks MariaDB e PerconaDB).

At that time, the security researcher Dawid Golunski published only technical details and proof-of-concept exploit code for the first bug.
Now Golunski has released a POC exploits for all two vulnerabilities:

[embed]https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html[/embed]

 

[embed]https://gist.github.com/andreafortuna/1bdc25021089be5344047b7ded433fc8[/embed]

One is the previously promised critical privilege escalation vulnerability (CVE-2016–6663) that can allow a low-privileged account (with CREATE/INSERT/SELECT grants) with access to the affected database to escalate their privileges and execute arbitrary code as the database system user.

The other is a new root privilege escalation bug (CVE-2016–6664) that could allow attackers with ‘MySQL system user’ privilege to further escalate their privileges to root user, allowing them to fully compromise the system.

Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier.


Patchs and Mitigations

MySQL has already fixed the vulnerabilities and you are strongly advised to apply patches as soon as possible.

If you are unable to immediately apply patches, you can apply a temporary mitigation disabling symbolic link support within your database server configuration to this setting in my.cnf:

symbolic-links = 0