
MySQL zero day CVE-2016-6662

Posted: Mon Sep 12, 2016 9:37 pm
by morganism
There are going to be a lot of writeups on this, but figured I would start a placeholder now.

"Both the authenticated access to MySQL database (via network connection or web interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation vectors. The exploitation is interesting in the way that it involves an oldschool LD_PRELOAD environment variable and that it targets a service that doesn't serve requests as root but could still be tricked to get root RCE when restarted"

https://www.helpnetsecurity.com/2016/09 ... 2016-6662/

http://seclists.org/oss-sec/2016/q3/481