MySQL/MariaDB/Percona - Race Cond CVE-2016-6663 & Root PrivEsc CVE-2016-6664 PoC Exploits

[Youtube Data] Public Data - [CVE-2016-6663 & CVE-2016-6664 : Exploits]

202022๋…„ NHN Cloud ๋ฌด๋ฃŒ ๊ต์œก์ผ์ • : https://doc.skill.or.kr/2022-NHN-Cloud-Education

์ œ๋ชฉ : MySQL/MariaDB/Percona - Race Cond CVE-2016-6663 & Root PrivEsc CVE-2016-6664 PoC Exploits

๋‚ด์šฉ :

๊ณต๊ฒฉ์ž๋Š” CVE-2016-6663 ์ทจ์•ฝ์ ์„ ์ด์šฉํ•˜์—ฌ ์›น ์‚ฌ์šฉ์ž ๊ถŒํ•œ ํš๋“ ํ•˜๊ณ  CVE-2016-6664 ์ทจ์•ฝ์ exploit ์„ ํ†ตํ•ด root ๊ถŒํ•œ์„ ํš๋“ ํ•˜๋Š” ๋ฐฉ๋ฒ• ์ž…๋‹ˆ๋‹ค.

ํ•ด๋‹น ์ทจ์•ฝ์ ์€ ๋‹ค์–‘ํ•œ ๋ฒ„์ „์—์„œ ๋ฐœ์ƒ ๋ฉ๋‹ˆ๋‹ค.

--- CVE-2016-6663 ---

MariaDB [5.5.52 , 10.1.18 , 10.0.28]

MySQL [5.5.51 , 5.6.32 , 5.7.14]

Percona Server [5.5.51-38.2 , 5.6.32-78-1 , 5.7.14-8]

Percona XtraDB Cluster [5.6.32-25.17 , 5.7.14-26.17 , 5.5.41-37.0]

--- CVE-2016-6664 ---

MySQL [5.5.51 , 5.6.32 , 5.7.14]

MariaDB [ All current ]

Percona Server [5.5.51-38.2 , 5.6.32-78-1 , 5.7.14-8]

Percona XtraDB Cluster [5.6.32-25.17 , 5.7.14-26.17 , 5.5.41-37.0]

ํ•ด๊ฒฐ๋ฐฉ์•ˆ์œผ๋กœ๋Š” ์ตœ์‹ ๋ฒ„์ „์˜ ๋ณด์•ˆ ์—…๋ฐ์ดํŠธ ์ˆ˜ํ–‰ ํ•˜์‹œ๊ธฐ ๋ฐ”๋ž๋‹ˆ๋‹ค.

Description :

MySQL / MariaDB / Percona - PoC/Demo Exploit Video for the following vulns:

  • Race Condition (CVE-2016-6663 / CVE-2016-5616)

  • Root Privilege Escalation (CVE-2016-6664 / CVE-2016-5617)

In the video, first, exploitation of CVE-2016-6663 Race Condition vuln is shown on 3 different hosts running MySQL, MariaDB and Percona in their default configuration leading to escalation of privileges to mysql system user (mysql shell).

Finally, the exploitation of CVE-2016-6664 is shown on the last target (running Percona database) - leading to escalation to root account (rootshell)

์‹œ์—ฐ ์˜์ƒ

2022๋…„ NHN Cloud ๋ฌด๋ฃŒ ๊ต์œก์ผ์ • : https://doc.skill.or.kr/2022-NHN-Cloud-Education

Last updated

Was this helpful?