Race condition in Oracle MySQL prior to 5.5.52, 5.6.x prior to 5.6.33, 5.7.x prior to 5.7.15, and 8.x prior to 8.0.1; MariaDB prior to 5.5.52, 10.0.x prior to 10.0.28, and 10.1.x prior to 10.1.18; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, 5.6.x prior to 5.6.32-25.17, and 5.7.x prior to 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Vulnerable Product |
---|
oracle mysql |
percona percona server |
percona xtradb cluster |
mariadb mariadb |
oracle mysql 8.0 |

MySQL, MariaDB, and Percona pwned.
Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers.
The database servers are among the world's most popular and count all major tech giants as customers including Google and its properties; Facebook; Twitter; eBay; Cisco; Amazon and Netflix, plus scores more.
Legalhackers vulnerability hunter Dawid Golunski (@dawid_golunski) says th...
Critical vulnerabilities in MySQL and vendor deployments by database servers MariaDB and PerconaDB have been identified that can lead to arbitrary code execution, root privilege escalation and server compromise.
Dawid Golunski of Legal Hackers published details around two proof-of-concept exploits for the vulnerabilities on Tuesday.
Both vulnerabilities affect MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier, along with MySQL database forks such as Percona Server ...
Good news: Oracle sneaked some patches out
Updated Security holes in MySQL can be abused to gain remote root access on poorly configured servers, it emerged on Monday.
Patches to fix up the programming blunders were quietly released last week. The flaws are present in all default installations of MySQL 5.5, 5.6 and 5.7. Grab versions 5.5.52, 5.6.33 and 5.7.15 to avoid any trouble.
The bugs were discovered by Dawid Golunski, who says he reported them to MySQL overseer Oracle on July 29.
He found that you can misuse an SQ...
A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle.
The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code, researcher Dawid Golunski of Legal Hackers wrote today in an advisory.
The flaw affects MySQL 5.7.15, 5.6.33 and 5.5.52. It has been patched in vendor deployments of MySQL in MariaDB and Per...