So it looks like we’re closing out the year in style in 2012. This weekend a number of new, very serious, zero-day vulnerabilities were released for a number of very popular applications – MySQL, FreeSSH, Free FTPD.
- Stack Based Overrun – CVE-2012-5611
- Heap Based Overrun – CVE-2012-5612
- Database Privilege Elevation – CVE-2012–5613
- Denial of Service – CVE-2012-5614
- Windows Remote System Level Exploit
- Remote Preauth User Enumeration – CVE-2012–5615
Of the three, the most concerning is obviously MySQL. If you listen to any of our security presentations you know that your application is but one piece of the puzzle, and you environment is a critical component of that puzzle too.
MySQL is integral to any LAMP based application – LAMP = Linux, Apache, MySQL, PHP – this includes many open source content management systems (CMS) like WordPress, Joomla, Drupal, Magento, osCommerce and many more. This is exceptionally dangerous to those environments in which MySQL is being published (i.e., not bound to itself or it’s port open) to the world and applies to VPS and Shared environments alike.