Multiple zero-day vulnerabilities have been discovered in the popular database software MySQL that could allow hackers to crash the service, deny access to users, privilege escalation and authentication bypass.
There are five zero-day vulnerabilities. According to report, one was recognised as a duplicate of an existing flaw and another a misconfiguration.
Common Vulnerabilities and Exposures (CVE) identifiers assigned to the issues to track them:
- CVE-2012-5611 — MySQL (Linux) Stack based buffer overrun PoC Zeroday
- CVE-2012-5612 — MySQL (Linux) Heap Based Overrun PoC Zeroday
- CVE-2012-5613 — MySQL (Linux) Database Privilege Elevation Zeroday Exploit
- CVE-2012-5614 — MySQL Denial of Service Zeroday PoC
- CVE-2012-5615 — MySQL Remote Preauth User Enumeration Zeroday
Security researcher Eric Romang has posted a video demonstrating how misconfigured servers are vulnerable in his blog.
Similar issues were also disclosed involving SSH.com Communications' Tectia SSH Server, which was also determined to be vulnerable to authentication bypass.