For those who don’t know, several security vulnerabilities in MySQL were discovered recently and published to the security mailing lists. Yet another time, remote attacker can badly hit your production systems causing long downtime.
List of security issues:
- CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
- CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
- CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday Exploit
- CVE-2012-5614 MySQL Denial of Service Zeroday PoC
- CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday
As always, we strongly recommend to:
- ensure that MySQL to do not listen on public interface that is accessible from the internet
- limit access to MySQL per host/sub-net
- remove all test accounts that might be an effect of installation or developement process (e.g., test users)
- upgrade MySQL to newest, unaffected version available
- REVOKE privileges that are not mandatory (see description of CVE-2012-5613)
- read dbasquare.com and stay up to date with MySQL security news ;)
Tomorrow, I will do some testing to see which versions are vulnerable and which are safe. Of course, I will share results here.