[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Mysql 3.23.x/4.0.x Remote Root Exploit

To: Jedi/Sector One <j@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Mysql 3.23.x/4.0.x Remote Root Exploit
From: Melvyn Sopacua <msopacua@xxxxxx>
Date: Mon, 15 Sep 2003 16:29:06 +0200

At 15:16 14-9-2003, Jedi/Sector One wrote:

On Sun, Sep 14, 2003 at 05:59:59AM -0700, Elv1S wrote:
> http://www.k-otik.com/exploits/09.14.mysql.c.php
> don't know if this vuln is patched ?

  Yes, just upgrade MySQL to 4.0.15 or apply the small patch posted in the
advisory.


Actually - there's a very simple work-around, based upon the age old 
"chicken
and egg principle":
In order to exploit this bug, you need to have ALTER privileges on the
mysql.user table.
Just grant that privilege only to a trusted *local* account (say 'root') and
you're home free. Make sure only trusted persons know that password and don't
store it anywhere digitally (remember to remove ~/.mysql_history after
changing the password).

Met vriendelijke groeten / With kind regards,

Webmaster IDG.nl
Melvyn Sopacua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Mysql 3.23.x/4.0.x Remote Root Exploit
  - From: Elv1S
- Re: [Full-Disclosure] Mysql 3.23.x/4.0.x Remote Root Exploit
  - From: Jedi/Sector One

Prev by Date: [Full-Disclosure] ID tags in rental / high-priced retail suits? (was: Administrivia: Noise and Politics)
Next by Date: [Full-Disclosure] [OpenPKG-SA-2003.039] OpenPKG Security Advisory (perl)
Previous by thread: Re: [Full-Disclosure] Mysql 3.23.x/4.0.x Remote Root Exploit
Next by thread: Re: [Full-Disclosure] Mysql 3.23.x/4.0.x Remote Root Exploit
Index(es):
- Date
- Thread