{"id":788,"date":"2021-07-23T12:38:12","date_gmt":"2021-07-23T12:38:12","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/cve-2016-6662-mysql\/"},"modified":"2021-07-23T12:38:12","modified_gmt":"2021-07-23T12:38:12","slug":"cve-2016-6662-mysql","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/cve-2016-6662-mysql\/","title":{"rendered":"CVE-2016-6662 MySQL"},"content":{"rendered":"<\/p>\n
\n
<\/div>\n
\n

Background Information<\/h2>\n

On 12 September, 2016, an independent researcher revealed multiple MySQL\u00ae vulnerabilities. This advisory focuses on a vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to (remotely) inject malicious settings into MySQL configuration files (my.cnf<\/code>) under certain configurations, leading to critical consequences.<\/p>\n

More information on MySQL can be found on the following websites:<\/p>\n

    \n
  • http:\/\/www.mysql.com\/products\/<\/li>\n
  • http:\/\/www.mysql.com\/why-mysql\/<\/li>\n
  • http:\/\/db-engines.com\/en\/system\/MySQL<\/li>\n<\/ul>\n

    MySQL derivatives are also affected, including:<\/p>\n

      \n
    • MariaDB<\/li>\n
    • PerconaDB<\/li>\n<\/ul>\n

      Impact<\/h2>\n

      The vulnerability affects all MySQL servers in the default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions, and can be exploited by both local and remote attackers. Both the authenticated access to MySQL databases (via network connection or web interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation vectors if a MySQL user has the SUPER<\/code> privilege granted. Additionally, MySQL users with both SELECT<\/code> and FILE<\/code> privileges granted are also affected.<\/p>\n

      MySQL users created in cPanel are not granted the SUPER<\/code> or FILE<\/code> privileges, however they can be granted these elevated privileges from the root<\/code> MySQL user manually.<\/p>\n

      A successful exploitation could allow attackers to execute arbitrary code with root<\/code> privileges which would then allow them to fully compromise the server on which an affected version of MySQL or MariaDB is running.<\/p>\n

      How to determine if your server is affected.<\/h2>\n

      Determine if you are running MySQL or MariaDB<\/h3>\n

      You can determine if MySQL is installed by running the following command as root<\/code>:\n<\/p>\n

      \n
      yum list installed | grep MySQL | grep -server\nMySQL56-server.x86_64                             5<\/span>.6.31-2.cp1156      installed<\/code><\/pre>\n<\/div>\n
      If the above command does not return any output, verify you are running MariaDB by running the following command as root<\/code>:\n<\/p>\n
      \n
      yum list installed | grep MariaDB | grep -server\nMariaDB-server.x86_64                           10<\/span>.0.27-1.el7.centos   @MariaDB100<\/code><\/pre>\n<\/div>\n
      MySQL<\/h4>\n
      cPanel, L.L.C. is currently working on new versions with updated MySQL RPMs. We will update this section once new versions are available.<\/p>\n
      MariaDB<\/h4>\n
      MariaDB has fixes in place for versions greater than 10.0.27 and 10.1.17. Run the following command as root<\/code> to check the MariaDB version:\n<\/p>\n
      \n
      rpm -q MariaDB-server\nMariaDB-server-10.0.26-1.el7.centos.x86_64<\/code><\/pre>\n<\/div>\n
      Resolution<\/h2>\n
      MySQL<\/h3>\n
      The following table lists the MySQL versions with updated RPMs and their corresponding cPanel & WHM versions:<\/p>\n\n\n\n\n\n\n
      MySQL version<\/th>\ncPanel & WHM version<\/th>\nDocumentation<\/th>\n<\/tr>\n<\/thead>\n
      5.6.32<\/td>\n58.0.30<\/td>\nhttps:\/\/dev.mysql.com\/doc\/relnotes\/mysql\/5.6\/en\/news-5-6-33.html<\/td>\n<\/tr>\n
      5.5.52<\/td>\n58.0.30<\/td>\nhttps:\/\/dev.mysql.com\/doc\/relnotes\/mysql\/5.5\/en\/news-5-5-52.html<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
      MariaDB<\/h3>\n
      Versions 10.0.27 and greater are protected for 10.0.x versions of MariaDB, while versions 10.1.17 are protected for 10.1.x versions of MariaDB. If you are running an older version of MariaDB, you can upgrade with the following command:\n<\/p>\n
      \n
      # yum update MariaDB-server MariaDB-client MariaDB-common MariaDB-devel MariaDB-shared<\/span><\/code><\/pre>\n<\/div>\n
      Mitigation<\/h2>\n
      \n
      Warning:<\/div>\n
      \n
        \n
      • Manual modifications to the MySQL configuration always carries risk; a qualified systems administrator is recommended.<\/li>\n
      • We strongly<\/strong> recommend that you backup your databases before performing any of the steps below.<\/li>\n<\/ul><\/div>\n<\/div>\n
        In most situations, these mitigations are not necessary as unprivileged MySQL users created in cPanel & WHM do not have the SUPER<\/code> or FILE<\/code> grants.<\/p>\n
        You can check if you have MySQL accounts, other than root<\/code>, with these privileges granted manually by running the following commands as root<\/code>:\n<\/p>\n
        \n
        mysql mysql -e 'select User,Host from user where User != \"root\" and ( File_priv = \"Y\" or Super_priv = \"Y\" );'<\/span><\/code><\/pre>\n<\/div>\n
        If waiting for new cPanel versions with updated MySQL RPMs or upgrading to MariaDB is not possible, consider mitigating this issue by running the following commands as root<\/code>:<\/p>\n
        \n
        chown root:root \/etc\/my.cnf\nchmod 0644<\/span> \/etc\/my.cnf<\/code><\/pre>\n<\/div>\n
        This will ensure \/etc\/my.cnf<\/code> is not writable by the MySQL user.<\/p>\n
        Additionally, you can touch empty root-owned files at \/var\/lib\/mysql\/my.cnf<\/code> and \/var\/lib\/mysql\/.my.cnf<\/code> to prevent MySQL users with SUPER<\/code> or FILE<\/code> privileges from potentially writing to other configuration paths that may be used on certain OS and MySQL version combinations. This may cause warnings to be logged when restarting MySQL.\n<\/p>\n
        \n
        touch \/var\/lib\/mysql\/my.cnf \/var\/lib\/mysql\/.my.cnf<\/code><\/pre>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"
        Background Information On 12 September, 2016, an independent researcher revealed multiple MySQL\u00ae vulnerabilities. This advisory focuses on a vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to (remotely) inject malicious settings into MySQL configuration files (my.cnf) under certain configurations, leading to critical consequences. More information on MySQL can be found on the following …<\/p>\n","protected":false},"author":1,"featured_media":789,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/788"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=788"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/788\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/789"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}