A Bug In The MySQL Database Could Leave Servers Vulnerable To Hacking

1IT Enterprise

A bug in the MySQL database that could let attackers gain access to some servers and eventually compromise them has been disclosed publicly. The bug affects all MySQL servers in the default configuration, including the MySQL-derived databases MariaDB and Percona DB. Tracked as CVE-2016-6662, it can be exploited to modify the MySQL configuration file (my.cnf) so that an attacker-controlled library is executed with root privileges if the MySQL process is started with the mysqld_safe wrapper script. The exploit can be easily executed through an SQL injection flaw, a common type of weakness in websites, or when the attacker has an authenticated connection to the MySQL service, which can be found in shared hosting environments.
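A defensive check for the condition described above, as an added example that is not part of the original article: it flags a `malloc-lib` option in the sections the mysqld_safe wrapper reads, and a my.cnf that a non-root account owns or that group/other can write to. The `malloc-lib` option name comes from the mysqld_safe documentation rather than from this page; the function names, the sample config and the choice of what to flag are assumptions of this example.

```python
import os
import stat
import sys

# Option groups read by the mysqld_safe wrapper (per the MySQL manual).
WRAPPER_SECTIONS = {"mysqld", "server", "mysqld_safe", "safe_mysqld"}

# Constructed sample config, not taken from a real server.
SAMPLE_CNF = """\
[client]
port = 3306
[mysqld]
datadir = /var/lib/mysql
malloc_lib = /tmp/placeholder-library.so
[mysqld_safe]
log-error = /var/log/mysqld.log
"""

def find_preload_directives(cnf_text):
    """Return (line_no, section, value) for each malloc-lib option the wrapper would read."""
    findings, section = [], None
    for line_no, raw in enumerate(cnf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;!":      # blank, comment or !include line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        if section in WRAPPER_SECTIONS and key.strip().lower().replace("_", "-") == "malloc-lib":
            findings.append((line_no, section, value.strip()))
    return findings

def risky_permissions(mode, owner_uid):
    """True if a non-root account owns the file or group/other can write to it."""
    return owner_uid != 0 or bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(path):
    """Audit one config file on disk; returns a list of human-readable findings."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = find_preload_directives(fh.read())
    report = [f"{path}:{n}: [{s}] malloc-lib = {v}" for n, s, v in hits]
    if risky_permissions(st.st_mode, st.st_uid):
        report.append(f"{path}: owned by uid {st.st_uid} or writable by group/other")
    return report

if __name__ == "__main__":
    for cnf in sys.argv[1:]:                  # pass the my.cnf paths used on this host
        print("\n".join(audit(cnf)) or f"{cnf}: no findings")
```

A `malloc-lib` hit is not proof of compromise, since some installations set it deliberately to use an alternative allocator; the value and the file's ownership are what need reviewing.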

So far only MariaDB and Percona DB have received patches, although the flaw was originally reported for all three affected databases. Oracle had yet to fix the flaw despite it being reported a couple of months ago. The researchers released the details of the flaw after the MariaDB and Percona DB patches were released, so that MySQL admins can take action to protect their servers.

Oracle didn’t respond to a request for comment on this issue, but the rest of the patches are expected to be released in October.