04 Dec 2012
Zero-Day Exploits for MySQL and SSH Publicly Available
If you’re running MySQL in a shared environment, you have all the reasons to worry as no less than five distinct exploits targeting the popular database system from Oracle have been fully disclosed by a hacker known as KingCope.
Apart from the MySQL exploits, the hacker also documented an exploit targeting the SSH servers by SSH Communications Security and FreeSSHd/FreeFTPd.
According to the released documentation, an attacker that has already access to a MySQL database can – among others – abuse its privileges to connect as system (and subsequently have access to all database features), trigger database crashes or find valid usernames. Three of these exploits target Linux systems, while the rest of two are designed for Windows versions of the database system.
The SSH exploit is much more stringent, as it does not require the user to be authenticated in any way. On the contrary, the bug allows an attacker to bypass the password authentication mechanism by calling input_userauth_passwd_changereq() before going through with the authentication. This way, the attacker is able to log into the system with an arbitrary password.