Researcher releases a slew of MySQL and SSH exploits
Posted on 03 December 2012.
Security professional Nikolaos Rangos, who is better known by his online handle Kingcope, has flooded the Full Disclosure mailing list over the weekend with information and exploits for a number of bugs in MySQL and SSH servers.

Five of the exploits allow attackers shell access with maximum privileges but, according to The H Security, require a legitimate database connection to execute injected code.

Two additional exploits are for a MySQL DoS zero-day and for one that allows the attackers to discover valid usernames, and two more are for Remote Authentication Bypass flaws in FreeSSHD and FreeFTPD.

The disclosed proof-of-concept exploit for a SSH.com Communications Tectia SSH Server Authentication Bypass Remote zero-day vulnerability has been tested and confirmed by researcher Eric Romang, who says that all versions of the server are affected.

"An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the “SSH USERAUTH CHANGE REQUEST” routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication," he explained, and offered a video of the exploit.

He did the same for the MySQL Database Privilege Elevation zero-day, and confirmed that it allows an attacker with access to a MySQL database through a user having some specific privileges to create a MySQL administrator user. So far, he managed to confirm that the affected versions are 5.0 and 5.1.






Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //