MySQL zero day CVE-2016-6662

Talk about internet security, computer security, personal security, your social security number...
Post Reply
morganism
Senior Member
Posts: 116
Joined: Tue Nov 26, 2013 9:44 pm

MySQL zero day CVE-2016-6662

Post by morganism » Mon Sep 12, 2016 9:37 pm

there are going to be a lot of writeups on this, but figured i would start a placeholder now.

"Both the authenticated access to MySQL database (via network
connection or web interfaces such as phpMyAdmin) and SQL Injection
could be used as exploitation vectors. The exploitation is interesting in the way that it involves an
oldschool LD_PRELOAD environment variable and that it targets a
service that doesn't
serve requests as root but could still be tricked to get root RCE when
restarted"

https://www.helpnetsecurity.com/2016/09/12/mysql-0-day-cve-2016-6662/

http://seclists.org/oss-sec/2016/q3/481
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130410 Firefox/23.0

Post Reply