How does one fix this MySQL zero day vulnerability on Ubuntu 14.04?

Posted September 12, 2016 3.7k views

It seems there’s a nasty MySQL zero day flaw that needs to be fixed on all servers running MySQL 5.7.13 and below, including MariaDB and PerconaDB:

Does anyone know how to apply the patch to fix this vulnerability ? A quick D.O tutorial would be pretty handy.

1 comment
  • Ok, just noticed that no official patches are available until end of October and the solution until then is to ensure that “no mysql config files are owned by mysql user”.

    See Section IX of this page

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

It appears that this vulnerability requires the attacker to already have a valid MySQL user account on your server before they can escalate privileges.

While concerning this should not provide a new attack vector unless you are running a shared hosting environment for other users. I would recommend ensuring you have updates running automatically so when an updated version is released your copy of MySQL will be updated automatically.

  • Ah, thanks. Like you said, it looks like this can be far more dangerous on shared hosting servers such as cPanel, for example.

  • I do not think is you can disregard the severity of this vulnerability so easily. I read the they haven’t released the full PoC of the attack and also I learned that this can be exploited through SQL injection even if the MySQL user doesn’t have the FILE privilege.

    I’m really worried about this vulnerability because it can make any tiny flaw catastrophic. I wonder why Oracle hasn’t patched this, even when they were alerted more than a month ago. MariaDB and Percona have already released patches for their servers.

    • From what I understand reading the documentation, I believe the exploit only works if any of the mysql config files on a server are owned by the user mysql instead of root. Apparently, even some well regarded sites/documentation on MySQL and its clones erroneously advise that the .cnf files should be owned by the mysql user.

      I checked the .cnf files on my server and they were all owned by root, so I have left it at that.

      Nevertheless, you are right that this is a serious vulnerability and it would be nice if D.O put together a quick tutorial for its users to check and take steps to mitigate it. Using a properly configured mod_security setup would be another layer of defence against SQL injection.