Researcher releases a slew of MySQL and SSH exploits
Posted on 03 December 2012.
Security professional Nikolaos Rangos, who is better known by his online handle Kingcope, has flooded the Full Disclosure mailing list over the weekend with information and exploits for a number of bugs in MySQL and SSH servers.

Five of the exploits allow attackers shell access with maximum privileges but, according to The H Security, require a legitimate database connection to execute injected code.

Two additional exploits are for a MySQL DoS zero-day and for one that allows the attackers to discover valid usernames, and two more are for Remote Authentication Bypass flaws in FreeSSHD and FreeFTPD.

The disclosed proof-of-concept exploit for a SSH.com Communications Tectia SSH Server Authentication Bypass Remote zero-day vulnerability has been tested and confirmed by researcher Eric Romang, who says that all versions of the server are affected.

"An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the “SSH USERAUTH CHANGE REQUEST” routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication," he explained, and offered a video of the exploit.

He did the same for the MySQL Database Privilege Elevation zero-day, and confirmed that it allows an attacker with access to a MySQL database through a user having some specific privileges to create a MySQL administrator user. So far, he managed to confirm that the affected versions are 5.0 and 5.1.






Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //