Blog

MySQL and the GHOST: glibc gethostbyname buffer overflow

The vulnerable library call provides DNS name resolution and although it's been obsoleted in favour of other calls, it is still widely used by both legacy and modern applications.

Having a quick search, MySQL does not seem to rely on gethostbyname() almost at all. A few uses can be found in MySQL Cluster code (NDB), however it's likely only to resolve node names set in the cluster configuration, which poses no risk to system security as one needs to have the administrative rights in the first place to be able to set those names. However, the MySQL sources carry an example UDF that calls gethostbyname(), so it may be possible if the example is installed, the system could also be vulnerable if a remote attacker can pass unfiltered input to such a UDF. You may have also developed and installed your own UDF that makes use of the problematic library call, which could make the server vulnerable.

For a dedicated database server the attack vector is probably very limited, but if you have a multi-purpose server then it could be wide open to attacks.

So our conclusion is that it does not affect MySQL directly in any way, however other software running on the same server can be used as an attack vector, as such great care should be taken to eradicate that risk.

Full details of the vulnerability can be found here.

Qualys announced they had found an exploit in one of the Linux core libraries - glibc - using a buffer overflow technique in gethostbyname(). They have developed a proof-of-concept in which simply sending a specially created e-mail to a mail server enabled them to create a remote shell to the Linux machine. According to Qualys, "This bypasses all existing protections (like ASLR, PIE and NX) on both 32-bit and 64-bit systems.". How does it affect MySQL servers? Read on!

shutterstock_225060220.jpg

Take care of your MySQL performance.

MySQL audits available from only $129 per server. Learn More
blog comments powered by Disqus