Race condition in Oracle MySQL prior to 5.5.52, 5.6.x prior to 5.6.33, 5.7.x prior to 5.7.15, and 8.x prior to 8.0.1; MariaDB prior to 5.5.52, 10.0.x prior to 10.0.28, and 10.1.x prior to 10.1.18; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, 5.6.x prior to 5.6.32-25.17, and 5.7.x prior to 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Vulnerable Product |
---|
oracle mysql |
percona percona server |
percona xtradb cluster |
mariadb mariadb |
oracle mysql 8.0 |
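
A version check built from the "prior to" bounds in the description above, as an added example that is not part of the original page. The product keys, function names and sample version strings are constructed for illustration; a branch the description does not list returns `None` rather than a verdict.

```python
import re

# "Prior to" bounds copied from the description, keyed by product and release
# branch (major, minor). The product keys are labels chosen for this example.
FIXED_IN = {
    "mysql": {(5, 5): (5, 5, 52), (5, 6): (5, 6, 33),
              (5, 7): (5, 7, 15), (8, 0): (8, 0, 1)},
    "mariadb": {(5, 5): (5, 5, 52), (10, 0): (10, 0, 28), (10, 1): (10, 1, 18)},
    "percona-server": {(5, 5): (5, 5, 51, 38, 2), (5, 6): (5, 6, 32, 78, 1),
                       (5, 7): (5, 7, 14, 8)},
    "percona-xtradb-cluster": {(5, 5): (5, 5, 41, 37, 0),
                               (5, 6): (5, 6, 32, 25, 17),
                               (5, 7): (5, 7, 14, 26, 17)},
}


def parse_version(text):
    """Return the leading numeric fields of a version string as a tuple.
    Parsing stops at the first non-numeric field, so suffixes such as
    "-MariaDB" or "-0ubuntu0.16.04.2" do not leak into the comparison."""
    match = re.match(r"\d+(?:[.-]\d+)*", text.strip())
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(field) for field in re.split(r"[.-]", match.group()))


def is_affected(product, version_text):
    """True if older than the fixed release, False if at or past it,
    None if the branch is newer than or absent from the listed ones."""
    bounds = FIXED_IN[product]
    version = parse_version(version_text)
    branch = version[:2]
    if branch in bounds:
        bound = bounds[branch]
        # Compare only as many fields as the bound has. A version with fewer
        # fields (build number unknown) sorts lower and is flagged.
        return version[:len(bound)] < bound
    if branch < min(bounds):
        return True  # older than the oldest listed branch: still "prior to"
    return None


# Constructed sample inventory, e.g. values gathered with SELECT VERSION().
SAMPLE = [("mysql", "5.7.13-0ubuntu0.16.04.2"), ("mariadb", "10.1.18-MariaDB"),
          ("percona-server", "5.6.32-78.0"), ("mariadb", "10.2.6")]

if __name__ == "__main__":
    for product, version in SAMPLE:
        print(f"{product:24} {version:28} affected={is_affected(product, version)}")
```
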
MySQL, MariaDB, and Percona pwned.
Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers. The database servers are among the world's most popular and count all major tech giants as customers including Google and its properties; Facebook; Twitter; eBay; Cisco; Amazon and Netflix, plus scores more. Legalhackers vulnerability hunter Dawid Golunski (@dawid_golunski) says the race condi...
Good news: Oracle sneaked some patches out
Updated Security holes in MySQL can be abused to gain remote root access on poorly configured servers, it emerged on Monday. Patches to fix up the programming blunders were quietly released last week. The flaws are present in all default installations of MySQL 5.5, 5.6 and 5.7. Grab versions 5.5.52, 5.6.33 and 5.7.15 to avoid any trouble. The bugs were discovered by Dawid Golunski, who says he reported them to MySQL overseer Oracle on July 29. He found that you can misuse an SQL command to write...