Re: MySQL remote exploit

Author: Joseph Sinclair
Date:  
To: Main PLUG discussion list
Subject: Re: MySQL remote exploit
FYI, minor improvement below to lock down a few edge cases (note, this is primarily for EXT{2,3,4} and other filesystems that support file attributes).
You'll also need to remove the attribute manually before updating when patches become available.

On 09/12/2016 12:33 PM, der.hans wrote:
> On 12 Sep 2016, Herminio Hernandez Jr. wrote:
>
> moin moin,
>
>> Basically they mirror the repos. So when it hits debian I will upgrade.
>
> Ah, OK.
>
> You might also want to create a couple of empty files and lock them down.
>
> $datadir can be exploited, so pre-emptively putting empty conf files in
> there that can't be changed by mysql is a good idea.
>
> The following is for anyone with questions on locking down the config
> files in $datadir.
>
> Presuming $datadir is /var/lib/mysql either of the following will lock
> down the files when run as root, but the first will destroy files you
> might already have.
>
> # >/var/lib/mysql/my.cnf
> # >/var/lib/mysql/.my.cnf
> # chmod 000 /var/lib/mysql/{.,}my.cnf
# chattr +i /var/lib/mysql/{.,}my.cnf
>
> Or, with some minimal verification that it's safe...
>
> # for file in /var/lib/mysql/{.,}my.cnf; do
>     if [ ! -e "$file" ] ; then
>         >"$file"
>         chmod 000 "$file"
          chattr +i "$file"
>         ls -l "$file"
          lsattr "$file"
>     else
>         ls -l "$file"
          lsattr "$file"
>         echo "You might want to check on that"
>     fi
> done

>
> ciao,
>
> der.hans
>
>> Sent from my iPhone
>>
>>> On Sep 12, 2016, at 12:00 PM, der.hans <> wrote:
>>>
>>> On 12 Sep 2016, Herminio Hernandez Jr. wrote:
>>>
>>> moin moin,
>>>
>>>> Thanks have some SQL in DO droplets. Will be looking for this.
>>>
>>> Will DigitalOcean automagically apply the patches for you?
>>>
>>> I would expect it's in their best interest.
>>>
>>> I'm certain DreamHost is already upgraded. GoDaddy is probably rolling it
>>> out already, but I no longer know anyone on the team over there, so am not
>>> sure how quick they will be.
>>>
>>> This is admittedly one of the advantages of cloud. The infrastructure
>>> providers can centrally test and roll out for everyone. The disadvantage
>>> is if it's something that affects you, but they don't know or care about
>>> it :).
>>>
>>> ciao,
>>>
>>> der.hans
>>>
>>>> Sent from my iPhone
>>>>
>>>>> On Sep 12, 2016, at 11:18 AM, der.hans <> wrote:
>>>>>
>>>>> moin moin,
>>>>>
>>>>> a MySQL remote exploit was announced this morning. Percona and MariaDB
>>>>> already have fixes that have not yet hit the distros.
>>>>>
>>>>> https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662
>>>>>
>>>>> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
>>>>>
>>>>> Watch for updates.
>>>>>
>>>>> ciao,
>>>>>
>>>>> der.hans
>>>>> -- 
>>>>> #  http://www.LuftHans.com/        http://www.PhxLinux.org/
>>>>> #  Fairy Tale, n.: A horror story to prepare children for the newspapers.
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - 
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

>>>
>>> -- 
>>> #  http://www.LuftHans.com/        http://www.PhxLinux.org/
>>> #  "You go to Afghanistan and you swallow enough dust that you'll pass an
>>> #  adobe brick." -- Robin Williams, 03Aug2006



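As an added example that is not a script from this thread (neither der.hans's loop nor Joseph Sinclair's chattr additions), the following POSIX sh script splits the procedure discussed above into a read-only audit, which any user who can stat the directory may run, and the root-only lockdown of the two edge-case files MySQL reads from $datadir. It assumes GNU coreutils stat, e2fsprogs lsattr/chattr, a filesystem that supports file attributes (ext2/3/4 as Joseph notes), and the datadir path passed as the first argument; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not a script from this thread: audit the two edge-case config
# files MySQL will read from $datadir (my.cnf and .my.cnf) and, when run as
# root, lock them down as empty, mode 000, immutable placeholders.
# Assumptions: GNU coreutils stat, e2fsprogs lsattr/chattr, a filesystem with
# attribute support (ext2/3/4), and the datadir path passed as $1.

# conf_status FILE: print one word describing FILE and return 0 only when it
# is in the locked state. Read-only, so safe for any user that can stat it.
#   missing            file does not exist
#   nonempty           file has content (do not blindly truncate it)
#   writable           mode is not 000
#   mutable            mode 000 but the immutable attribute is not set
#   locked             empty, mode 000, immutable attribute set
#   locked-unverified  empty, mode 000, but lsattr is unavailable or the
#                      filesystem does not report attributes
conf_status() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing; return 1
    fi
    if [ -s "$f" ]; then
        echo nonempty; return 1
    fi
    mode=$(stat -c %a "$f")
    if [ "$mode" != 0 ]; then
        echo writable; return 1
    fi
    if command -v lsattr >/dev/null 2>&1; then
        if attrs=$(lsattr -d "$f" 2>/dev/null); then
            # lsattr prints the flag string, a space, then the path;
            # a lowercase 'i' in the flag string is the immutable attribute.
            case "${attrs%% *}" in
                *i*) echo locked; return 0 ;;
                *)   echo mutable; return 1 ;;
            esac
        fi
    fi
    echo locked-unverified; return 0
}

# audit_datadir_conf DATADIR: report both files; status 1 if any is not locked.
audit_datadir_conf() {
    dir=$1; rc=0
    for f in "$dir/my.cnf" "$dir/.my.cnf"; do
        s=$(conf_status "$f") || rc=1
        echo "$f: $s"
    done
    return "$rc"
}

# lock_datadir_conf DATADIR: non-destructive variant of the loop in the thread.
# Creates a missing file empty, leaves a non-empty file alone with a warning,
# then applies chmod 000 and chattr +i. Needs root. Run 'chattr -i' on these
# files before installing a package update that wants to write them.
lock_datadir_conf() {
    dir=$1
    for f in "$dir/my.cnf" "$dir/.my.cnf"; do
        if [ ! -e "$f" ]; then
            : >"$f"
        elif [ -s "$f" ]; then
            echo "$f: not empty, inspect it before locking" >&2
            continue
        fi
        chmod 000 "$f"
        chattr +i "$f"
        echo "$f: $(conf_status "$f")"
    done
}

# Usage: sh lock-mysql-conf.sh /var/lib/mysql        (audit only)
#        sh lock-mysql-conf.sh /var/lib/mysql lock   (as root: create and lock)
if [ $# -gt 0 ]; then
    if [ "${2:-}" = lock ]; then
        lock_datadir_conf "$1"
    else
        audit_datadir_conf "$1"
    fi
fi
```

The audit deliberately distinguishes "mutable" from "locked-unverified": on a filesystem such as tmpfs, lsattr cannot read attributes at all, and reporting that as locked would hide the fact that chattr +i never took effect there.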