The H – (International) Season’s gr3371ng5 - hacker releases exploits for MySQL and SSH.

The hacker who goes by the name KingCope released several exploits on December 2, some of which date back to 2011. The exploits mostly target the now-Oracle-owned MySQL open source database, but the SSH servers by SSH Communications Security and FreeSSHd/FreeFTPd are also at acute risk.

The MySQL exploits do, however, require a legitimate database connection to execute injected code. Exploits such as “mysqljackpot” then, for example, misuse the connection’s “file privilege” to provide the attacker with shell access at system privilege level. The hacker also describes a hole that allows attackers to trigger a database crash and another hole that enables them to find valid user names. Apparently, both holes can be exploited to bypass the password check and log in with an arbitrary password.

With SSH’s Tectia server, the exploit description says that attackers can modify a legitimate user’s password by calling input_userauth_passwd_changereq() before logging in. In the case of the FreeSSHd/FreeFTPd server, all that appears to be required is to ignore a refusal message by the server and declare the session to be open at the right time. All the exploit has to do is add an extra call to the existing ssh_session2() function of the regular OpenSSH client.
Ali Loney, on December 03, 2012