Microsoft has released a security advisory about a remote code execution vulnerability affecting all currently supported versions of the Windows and Windows Server operating systems.
Security firms inadvertently leaked information about a 0-day ‘wormable’ vulnerability found in the SMBv3 protocol.
Recently, a new vulnerability in the Apache Tomcat AJP connector was disclosed.
Yesterday, Google engineers released an urgent update for the Chrome browser to patch an actively exploited zero-day.
On October 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1166 and CVE-2019-1338, two serious vulnerabilities that may lead to a full Active Directory domain compromise.
The security expert Dirk-jan Mollema discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user to become a Domain Admin.
These vulnerabilities could be exploited in shared hosting environments to gain access to all databases.
Some weeks ago I reported on two critical 0-day vulnerabilities in MySQL (and its forks MariaDB and PerconaDB).
At that time, the security researcher Dawid Golunski published only technical details and proof-of-concept exploit code for the first bug.
Now Golunski has released PoC exploits for both vulnerabilities:
One is the previously promised critical privilege escalation vulnerability (CVE-2016-6663) that can allow a low-privileged account (with CREATE/INSERT/SELECT grants) with access to the affected database to escalate its privileges and execute arbitrary code as the database system user.
The other is a new root privilege escalation bug (CVE-2016-6664) that could allow attackers with ‘MySQL system user’ privilege to further escalate their privileges to the root user, allowing them to fully compromise the system.
Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier.
Patches and Mitigations
MySQL has already fixed the vulnerabilities and you are strongly advised to apply patches as soon as possible.
If you are unable to apply the patches immediately, you can apply a temporary mitigation by disabling symbolic link support in your database server configuration with this setting in my.cnf:
symbolic-links = 0
Oracle, are you there? We need you!
Dawid Golunski, a Polish security researcher, discovered several security issues in the MySQL DBMS, including a flaw (CVE-2016-6662) that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration files.
The vulnerability affects all currently supported MySQL versions as well as MariaDB and PerconaDB.
The vulnerability can be exploited via a SQL injection attack, or by an attacker with valid credentials either locally or over the Web via phpMyAdmin:
“A successful exploitation could allow attackers to execute arbitrary code with root privileges which would then allow them to fully compromise the server on which an affected version of MySQL is running”
Golunski has also published proof-of-concept exploit code:
More technical information is available in the official advisory.
From Golunski’s advisory:
The vulnerability was reported to Oracle on 29th of July 2016 and triaged by the security team. It was also reported to the other affected vendors including PerconaDB and MariaDB. The vulnerabilities were patched by PerconaDB and MariaDB vendors by the end of 30th of August. During the course of the patching by these vendors the patches went into public repositories and the fixed security issues were also mentioned in the new releases which could be noticed by malicious attackers. As over 40 days have passed since reporting the issues and patches were already mentioned publicly, a decision was made to start disclosing vulnerabilities (with limited PoC) to inform users about the risks before the vendor's next CPU update that only happens at the end of October. No official patches or mitigations are available at this time from the vendor. As temporary mitigations, users should ensure that no mysql config files are owned by mysql user, and create root-owned dummy my.cnf files that are not in use. These are by no means a complete solution and users should apply official vendor patches as soon as they become available.
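A read-only audit of the two temporary mitigations above (the symbolic-links setting from the "Patches and Mitigations" section and the "no config files owned by the mysql user" check from Golunski's advisory), added here as an example; it is not part of the original post or of the advisory. It runs against a constructed pair of my.cnf files and assumes only POSIX sh, sed, awk and ls.

```shell
#!/bin/sh
# Added example (not from the original post): audit a MySQL config file for
# the two temporary mitigations quoted above, without changing anything.

# Print the owner of a file (the third column of ls -ld is the owner on
# every common Unix, so this avoids the Linux/BSD differences of stat).
config_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Return 0 if symbolic link support is disabled in the [mysqld] section,
# i.e. "symbolic-links = 0" or "skip-symbolic-links" (mysqld treats "_"
# and "-" in option names alike, so both spellings are accepted); else 1.
symlinks_disabled() {
    # Strip comments and blanks, normalise "_" to "-" and spaces around "=".
    sed -e 's/[#;].*$//' -e 's/_/-/g' -e 's/[[:space:]]*=[[:space:]]*/=/' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    awk '
        /^\[/ { section = $0 }
        section == "[mysqld]" && ($0 == "symbolic-links=0" || $0 == "skip-symbolic-links") { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Run both checks on one file; exit status 0 means both mitigations hold.
audit_cnf() {
    rc=0
    if [ "$(config_owner "$1")" = "mysql" ]; then
        echo "WARN: $1 is owned by the mysql user (advisory mitigation not met)"; rc=1
    fi
    if symlinks_disabled "$1"; then
        echo "OK:   $1 disables symbolic links under [mysqld]"
    else
        echo "WARN: $1 does not set symbolic-links = 0 under [mysqld]"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not copied from any real host).
WEAK_CNF=$(mktemp); FIXED_CNF=$(mktemp)
printf '[mysqld]\ndatadir = /var/lib/mysql\nsymbolic-links = 1\n' > "$WEAK_CNF"
printf '[mysqld]\ndatadir = /var/lib/mysql\n# hardening from the advisory\nsymbolic-links = 0\n' > "$FIXED_CNF"

audit_cnf "$WEAK_CNF" || :   # expected to warn about symbolic links
audit_cnf "$FIXED_CNF"       # expected to pass (temp file is not owned by mysql)
```

On a real host, run `audit_cnf` over every config file mysqld reads (for example `/etc/my.cnf`, `/etc/mysql/my.cnf` and any files they `!include`), not just the main one.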
Exodus Intelligence has released the proof-of-concept code on its GitHub page.
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Appliance (ASAv)
- Cisco Firepower 9300 ASA Security Module
- Cisco ISA 3000 Industrial Security Appliance
Cisco has already released software updates that address the vulnerability.
Links and resources
- Cisco advisory (tools.cisco.com): "A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software…"
- Packet Storm (packetstormsecurity.com): Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
- Exodus Intelligence blog (blog.exodusintel.com), by David Barksdale, Jordan Gruskovnjak, and Alex Wheeler: "Cisco has issued a fix to address CVE-2016-1287. The Cisco ASA…"