MySQL remote exploit
Herminio Hernandez, Jr.
herminio.hernandezjr at gmail.com
Wed Sep 14 01:28:30 MST 2016
Should I be concerned even if my SQL server is only listening on localhost?
On Mon, Sep 12, 2016 at 1:29 PM, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
> FYI, minor improvement below to lock down a few edge cases (note, this is
> primarily for EXT{2,3,4} and other filesystems that support file
> attributes).
> You'll also need to remove the attribute manually before updating when
> patches become available.
>
> On 09/12/2016 12:33 PM, der.hans wrote:
> > On 12 Sep 2016, Herminio Hernandez Jr. wrote:
> >
> > moin moin,
> >
> >> Basically they mirror the repos. So when it hits debian I will upgrade.
> >
> > Ah, OK.
> >
> > You might also want to create a couple of empty files and lock them down.
> >
> > $datadir can be exploited, so pre-emptively putting empty conf files in
> > there that can't be changed by mysql is a good idea.
> >
> > The following is for anyone with questions on locking down the config
> > files in $datadir.
> >
> > Presuming $datadir is /var/lib/mysql either of the following will lock
> > down the files when run as root, but the first will destroy files you
> > might already have.
> >
> > # >/var/lib/mysql/my.cnf
> > # >/var/lib/mysql/.my.cnf
> > # chmod 000 /var/lib/mysql/{.,}my.cnf
> # chattr +i /var/lib/mysql/{.,}my.cnf
> >
> > Or, with some minimal verification that it's safe...
> >
> > # for file in /var/lib/mysql/{.,}my.cnf; do
> > if [ ! -e "$file" ] ; then
> > >"$file"
> > chmod 000 "$file"
> chattr +i "$file"
> > ls -l "$file"
> lsattr "$file"
> > else
> > ls -l "$file"
> lsattr "$file"
> > echo "You might want to check on that"
> > fi
> > done
> >
> > ciao,
> >
> > der.hans
> >
> >> Sent from my iPhone
> >>
> >>> On Sep 12, 2016, at 12:00 PM, der.hans <PLUGd at LuftHans.com> wrote:
> >>>
> >>> On 12 Sep 2016, Herminio Hernandez Jr. wrote:
> >>>
> >>> moin moin,
> >>>
> >>>> Thanks have some SQL in DO droplets. Will be looking for this.
> >>>
> >>> Will DigitalOcean automagically apply the patches for you?
> >>>
> >>> I would expect it's in their best interest.
> >>>
> >>> I'm certain DreamHost is already upgraded. GoDaddy is probably rolling it
> >>> out already, but I no longer know anyone on the team over there, so am not
> >>> sure how quick they will be.
> >>>
> >>> This is admittedly one of the advantages of cloud. The infrastructure
> >>> providers can centrally test and roll out for everyone. The disadvantage
> >>> is if it's something that affects you, but they don't know or care about
> >>> it :).
> >>>
> >>> ciao,
> >>>
> >>> der.hans
> >>>
> >>>> Sent from my iPhone
> >>>>
> >>>>> On Sep 12, 2016, at 11:18 AM, der.hans <PLUGd at LuftHans.com> wrote:
> >>>>>
> >>>>> moin moin,
> >>>>>
> >>>>> a MySQL remote exploit was announced this morning. Percona and MariaDB
> >>>>> already have fixes that have not yet hit the distros.
> >>>>>
> >>>>> https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662
> >>>>>
> >>>>> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
> >>>>>
> >>>>> Watch for updates.
> >>>>>
> >>>>> ciao,
> >>>>>
> >>>>> der.hans
> >>>>> --
> >>>>> # http://www.LuftHans.com/ http://www.PhxLinux.org/
> >>>>> # Fairy Tale, n.: A horror story to prepare children for the newspapers.
> >>>>> ---------------------------------------------------
> >>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >>>>> To subscribe, unsubscribe, or to change your mail settings:
> >>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>>
> >>> --
> >>> # http://www.LuftHans.com/ http://www.PhxLinux.org/
> >>> # "You go to Afghanistan and you swallow enough dust that you'll pass an
> >>> # adobe brick." -- Robin Williams, 03Aug2006
> >
> >
> >
> >
>
>
>
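The lock-down loop quoted above creates and freezes the placeholder files but never verifies the result on a box that was set up earlier. The following audit script is an added example (mine, not der.hans's or Joseph's code) that checks each file is present, empty, mode 000, root-owned and immutable; it assumes GNU stat and e2fsprogs lsattr, and a datadir of /var/lib/mysql unless one is passed in.

```shell
#!/bin/sh
# Added audit script (not from the thread): verify that the placeholder
# config files in the MySQL datadir are locked down as the thread describes.
# Assumes GNU stat (-c) and lsattr from e2fsprogs; datadir defaults to
# /var/lib/mysql as in the thread.

# Report the state of one config file: print "<file>: OK" and return 0 only
# when every property holds, otherwise list the problems and return 1.
audit_conf_file() {
    file=$1
    if [ ! -e "$file" ]; then
        echo "$file: missing (create it empty and lock it down)"
        return 1
    fi
    size=$(stat -c '%s' "$file")
    mode=$(stat -c '%a' "$file")     # GNU stat prints mode 000 as "0"
    owner=$(stat -c '%U' "$file")
    # lsattr prints a flag field such as "----i---------e-------"; an 'i' in
    # it marks the file immutable. A missing lsattr counts as not immutable.
    attrs=$(lsattr -d "$file" 2>/dev/null | cut -d' ' -f1)
    problems=""
    [ "$size" -eq 0 ] || problems="$problems not-empty"
    [ "$mode" -eq 0 ] || problems="$problems mode-$mode"
    [ "$owner" = root ] || problems="$problems owner-$owner"
    case "$attrs" in *i*) ;; *) problems="$problems not-immutable" ;; esac
    if [ -z "$problems" ]; then
        echo "$file: OK"
        return 0
    fi
    echo "$file:$problems"
    return 1
}

# Audit both files the quoted loop creates; exit status is 0 only if both pass.
audit_datadir() {
    datadir=${1:-/var/lib/mysql}
    rc=0
    for f in "$datadir/my.cnf" "$datadir/.my.cnf"; do
        audit_conf_file "$f" || rc=1
    done
    return $rc
}

# Usage: audit_datadir [/path/to/datadir]
```

A non-zero exit from audit_datadir means at least one file is missing or still modifiable by the mysql user, which is exactly the "You might want to check on that" case in the quoted loop.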