Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
From: king cope <isowarez.isowarez.isowarez () googlemail com>
Date: Sun, 2 Dec 2012 16:44:06 +0100

Hello Kurt,
thanks for catching up and coordinating the CVEs.
It has to be mentioned that the MySQL on Windows RCE applies to the
default install
of the Windows MySQL installer package. If the default options are set
the server is vulnerable out of the box.

Greetings,

Kingcope

2012/12/2 Kurt Seifried <kseifried () redhat com>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/01/2012 11:41 AM, king cope wrote:
*** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE ***

Attached is the MySQL Windows Remote Exploit (post-auth, udf
technique) including the previously released mass scanner. The
exploit is mirrored at the farlight website
http://www.farlight.org.

Cheerio,

Kingcope

So in the case of this issue it appears to be documented (UDF, do not
run MySQL as administrator, etc.). As I understand CVE assignment
rules this issue does not require a CVE, however just to be on the
safe side I'm CC'ing MySQL, Oracle, MariaDB, OSS-SEC, Steven Christey,
cve-assign and OSVDB to the CC so that everyone is aware of what is
going on.

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQuvLHAAoJEBYNRVNeJnmT9qkQAJQpvJbzLGsgqaX514YqIdIv
cxa7hjTeTEJQk6M9Do2QRdzUekUqNc6rAVW06TAnnSjE1aBoiFmpKqr38VzD/7BX
27ZuSpEPHeVYqKwruMzmV51b/0/4C5TqVRhgC5vxW9iXHUp2srKvaSxYlnZ6aRg4
R8vXbYc+FDW2T5bL0EFe0YTRnzKAyvvrAVsbKfI0iQZ/oVvOZcZ7k4HEyhfphzCZ
rQuMkJMKYJ1VnzbWN1UWihWq3YF9Ciusw1wGJu4dLjjoMGzZvLZh3s6WzoITRA2y
TAxAAa/40ZfF1ONJQ0/SKCGsQtABJiT0PXVB9jBLwnLsHYAXgLzz200vn2DvOz/g
dNHj17gcBlyIlTJfYHvnRw5F0igixTevDI6QxsefrECFJOs5zCFaiB71jcrMVOAT
PLyapA4+oJdtpPgIwF3CozwzVpRSZmJ9fjkJEpVWjZP3TZGM94Xm+B/tlGrrzCSr
zM2hBG3JRAoCNW48Wdf0MLe6FEAHoQSGVqBVmjqjohPqQ1eoJXOoz0xl6NsD5HRb
VQJsx9G1L8u6T0F4C8cC6v+QJKASF+/ZxLfprU8W8IuZZ9CmVxoMht0Ny82nnKkc
MdezH/13+WfmuAZ+yxtRgC7h5pHN3phSKFVlNiGm07hlnFW0igwGi176xTo/pX3K
0WF2FT8pjtvcglpV+uez
=JAto
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault