PSA: December Zero Day’s Announced – MySQL, FreeSSH, Free FTPD

So it looks like we’re closing out the year in style in 2012. This weekend a number of new, very serious, zero-day vulnerabilities were released for a number of very popular applications – MySQL, FreeSSH, Free FTPD.

MySQL

FTPD

>FreeSSHD

Of the three, the most concerning is obviously MySQL. If you listen to any of our security presentations you know that your application is but one piece of the puzzle, and you environment is a critical component of that puzzle too.

MySQL is integral to any LAMP based application – LAMP = Linux, Apache, MySQL, PHP – this includes many open source content management systems (CMS) like WordPress, Joomla, Drupal, Magento, osCommerce and many more. This is exceptionally dangerous to those environments in which MySQL is being published (i.e., not bound to itself or it’s port open) to the world and applies to VPS and Shared environments alike.

Scan your website for free:
About Tony Perez

I'm a technologist with a passion for the Information Security domain. I am especially interested in malware reverse engineering, incident handling and response as well as offensive counter measures. Catch my personal rants on tonyonsecurity.com and follow on twitter at perezbox.