Re: MySQL remote exploit

Author: der.hans
Date:  
To: Main PLUG discussion list
Subject: Re: MySQL remote exploit
On 12 Sep 2016, Herminio Hernandez Jr. wrote:

moin moin,

> Basically they mirror the repos. So when it hits debian I will upgrade.


Ah, OK.

You might also want to create a couple of empty files and lock them down.

$datadir can be exploited, so pre-emptively putting empty conf files in
there that can't be changed by mysql is a good idea.

The following is for anyone with questions on locking down the config
files in $datadir.

Presuming $datadir is /var/lib/mysql either of the following will lock
down the files when run as root, but the first will destroy files you
might already have.

# >/var/lib/mysql/my.cnf
# >/var/lib/mysql/.my.cnf
# chmod 000 /var/lib/mysql/{.,}my.cnf

Or, with some minimal verification that it's safe...

# for file in /var/lib/mysql/{.,}my.cnf; do
    if [ ! -e "$file" ]; then
        >"$file"
        chmod 000 "$file"
        ls -l "$file"
    else
        ls -l "$file"
        echo "You might want to check on that"
    fi
done


ciao,

der.hans

> Sent from my iPhone
>
>> On Sep 12, 2016, at 12:00 PM, der.hans <> wrote:
>>
>> On 12 Sep 2016, Herminio Hernandez Jr. wrote:
>>
>> moin moin,
>>
>>> Thanks have some SQL in DO droplets. Will be looking for this.
>>
>> Will DigitalOcean automagically apply the patches for you?
>>
>> I would expect it's in their best interest.
>>
>> I'm certain DreamHost is already upgraded. GoDaddy is probably rolling it
>> out already, but I no longer know anyone on the team over there, so am not
>> sure how quick they will be.
>>
>> This is admittedly one of the advantages of cloud. The infrastructure
>> providers can centrally test and roll out for everyone. The disadvantage
>> is if it's something that affects you, but they don't know or care about
>> it :).
>>
>> ciao,
>>
>> der.hans
>>
>>> Sent from my iPhone
>>>
>>>> On Sep 12, 2016, at 11:18 AM, der.hans <> wrote:
>>>>
>>>> moin moin,
>>>>
>>>> a MySQL remote exploit was announced this morning. Percona and MariaDB
>>>> already have fixes that have not yet hit the distros.
>>>>
>>>> https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662
>>>>
>>>> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
>>>>
>>>> Watch for updates.
>>>>
>>>> ciao,
>>>>
>>>> der.hans
>>>> --
>>>> #  http://www.LuftHans.com/        http://www.PhxLinux.org/
>>>> #  Fairy Tale, n.: A horror story to prepare children for the newspapers.
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - 
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

>>
>> --
>> #  http://www.LuftHans.com/        http://www.PhxLinux.org/
>> #  "You go to Afghanistan and you swallow enough dust that you'll pass an
>> #  adobe brick." -- Robin Williams, 03Aug2006


-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  "Rock 'n' roll might not solve your problems, but it does let you dance
#  all over them." -- Pete Townsend
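The audit below is an added example, not der.hans's code or anything posted in the thread. It reports whether the $datadir config files are locked down the way the mail recommends (present, a regular file, not owned by the mysqld service user, not group- or world-writable); the datadir path and the service user name are passed in as assumptions, and it parses ls -ld rather than stat -c so it also runs on non-GNU systems.

```shell
#!/bin/sh
# Audit the mitigation from the mail above (CVE-2016-6662): every config file
# mysqld would read from $datadir must exist, be a regular file, be owned by
# someone other than the mysqld service user, and be neither group- nor
# world-writable. Paths and the service user name are caller-supplied assumptions.

# check_conf_file FILE SERVICE_USER
# Prints one ok/FAIL line; returns 0 only when FILE is locked down.
check_conf_file() {
    f=$1; svc=$2
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo "FAIL $f: missing; a writable \$datadir lets mysqld create it"
        return 1
    fi
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL $f: not a regular file (symlink or special file)"
        return 1
    fi
    # Fields of ls -ld: mode, links, owner, ... (portable, unlike stat -c)
    set -- $(ls -ld "$f")
    mode=$1; owner=$3
    if [ "$owner" = "$svc" ]; then
        echo "FAIL $f: owned by $svc, which can chmod and rewrite it"
        return 1
    fi
    # Position 6 of the mode string is the group write bit, position 9 world write
    case $mode in
        ?????w*|????????w*)
            echo "FAIL $f: mode $mode is group- or world-writable"
            return 1 ;;
    esac
    echo "ok   $f: owner=$owner mode=$mode"
    return 0
}

# check_datadir DATADIR SERVICE_USER
# Checks my.cnf and .my.cnf; returns the number of files that failed.
check_datadir() {
    failures=0
    for name in my.cnf .my.cnf; do
        check_conf_file "$1/$name" "$2" || failures=$((failures + 1))
    done
    return $failures
}

# Usage with the values assumed in the mail: check_datadir /var/lib/mysql mysql
```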