Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Mysql 3.23.x/4.0.x Remote Root Exploit
From: Andreas Gietl <a.gietl () e-admin de>
Date: Sun, 14 Sep 2003 15:14:31 +0200
On Sunday 14 September 2003 14:59, Elv1S wrote:

no comment ...

http://www.k-otik.com/exploits/09.14.mysql.c.php


This is NO ROOT exploit. 

To exploit the vuln you need the mysql-root and remote-access for 
mysql-root-user must be allowed!

After the exploit worked you don't have root-access but access with the user 
mysqld is running in.



don't know if this vuln is patched ?


Vuln is patched in 4.0.15





---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software


-- 
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 (0)1805/39160 - 29104
93051 Regensburg                                  mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]