Bugtraq mailing list archives
Re: MySQL Security
From: aleph1 () DFW NET (Aleph One)
Date: Sun, 29 Mar 1998 03:31:17 -0600
On Sun, 29 Mar 1998, Sandu Mihai wrote:
> When you use a certain MySQL configuration it is possible to create files on the system as root with rw-rw-rw. Many MySQL users have included user root from localhost without password in their config. So, if on such a system you issue: mysql -u root test, you will not only have access to the database but you'll also be able to create a file on the system with root ownership and rw-rw-rw using the SELECT .. INTO OUTFILE statement.
This is a configuration problem. It can be easily solved by adding a password and/or changing the file_priv column to 'N' for this user in the user table in the mysql database. Nonetheless it is advisable for people running MySQL to check their configuration for any users with file_priv that should not have it.

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
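The audit and remediation Aleph One recommends, written out as SQL against the privilege tables. This is an added example, not part of either post. It assumes the MySQL 3.x-era layout the thread describes, where the FILE privilege is the file_priv column of the mysql.user table and the password hash sits in the password column; the account name and the placeholder password are constructed for illustration.

```sql
-- Added example (not from the original post). Assumes the classic mysql.user
-- layout with a file_priv column and a password column, as described in the thread.

-- 1. Audit: list every account that holds the FILE privilege, flagging the ones
--    that have no password at all. Each row is a candidate for the fix below.
SELECT host,
       user,
       (password = '') AS no_password,
       file_priv
  FROM mysql.user
 WHERE file_priv = 'Y';

-- 2. Fix: drop the FILE privilege from an account that does not need it.
--    Without it, SELECT ... INTO OUTFILE is refused for that account.
UPDATE mysql.user
   SET file_priv = 'N'
 WHERE user = 'root' AND host = 'localhost';

-- 3. Fix: give the password-less root@localhost account a password.
--    PASSWORD() is the server's own hash function; the literal is a placeholder.
UPDATE mysql.user
   SET password = PASSWORD('REPLACE_WITH_A_STRONG_PASSWORD')
 WHERE user = 'root' AND host = 'localhost';

-- 4. Direct edits to the grant tables take effect only after the server
--    reloads them.
FLUSH PRIVILEGES;

-- 5. Re-run the audit; the fixed account should no longer appear.
SELECT host, user, file_priv
  FROM mysql.user
 WHERE file_priv = 'Y';
```

Run the statements as an administrative account connected to the mysql database. Step 4 can be replaced by `mysqladmin reload` on servers that predate FLUSH PRIVILEGES. Later MySQL releases add a server-side mitigation that did not exist when this thread was written: the secure_file_priv setting restricts where INTO OUTFILE may write at all, so a stray FILE grant no longer reaches arbitrary paths.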
