[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)



Hello Kurt,
thanks for catching up and coordinating the CVEs.
It has to be mentioned that the MySQL on Windows RCE applies to the
default install
of the Windows MySQL installer package. If the default options are set
the server is vulnerable out of the box.

Greetings,

Kingcope

2012/12/2 Kurt Seifried <kseifried@xxxxxxxxxx>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/01/2012 11:41 AM, king cope wrote:
>> *** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE ***
>>
>> Attached is the MySQL Windows Remote Exploit (post-auth, udf
>> technique) including the previously released mass scanner. The
>> exploit is mirrored at the farlight website
>> http://www.farlight.org.
>>
>> Cheerio,
>>
>> Kingcope
>
> So in the case of this issue it appears to be documented (UDF, do not
> run MySQL as administrator, etc.). As I understand CVE assignment
> rules this issue does not require a CVE, however just to be on the
> safe side I'm CC'ing MySQL, Oracle, MariaDB, OSS-SEC, Steven Christey,
> cve-assign and OSVDB to the CC so that everyone is aware of what is
> going on.
>
> - --
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQIcBAEBAgAGBQJQuvLHAAoJEBYNRVNeJnmT9qkQAJQpvJbzLGsgqaX514YqIdIv
> cxa7hjTeTEJQk6M9Do2QRdzUekUqNc6rAVW06TAnnSjE1aBoiFmpKqr38VzD/7BX
> 27ZuSpEPHeVYqKwruMzmV51b/0/4C5TqVRhgC5vxW9iXHUp2srKvaSxYlnZ6aRg4
> R8vXbYc+FDW2T5bL0EFe0YTRnzKAyvvrAVsbKfI0iQZ/oVvOZcZ7k4HEyhfphzCZ
> rQuMkJMKYJ1VnzbWN1UWihWq3YF9Ciusw1wGJu4dLjjoMGzZvLZh3s6WzoITRA2y
> TAxAAa/40ZfF1ONJQ0/SKCGsQtABJiT0PXVB9jBLwnLsHYAXgLzz200vn2DvOz/g
> dNHj17gcBlyIlTJfYHvnRw5F0igixTevDI6QxsefrECFJOs5zCFaiB71jcrMVOAT
> PLyapA4+oJdtpPgIwF3CozwzVpRSZmJ9fjkJEpVWjZP3TZGM94Xm+B/tlGrrzCSr
> zM2hBG3JRAoCNW48Wdf0MLe6FEAHoQSGVqBVmjqjohPqQ1eoJXOoz0xl6NsD5HRb
> VQJsx9G1L8u6T0F4C8cC6v+QJKASF+/ZxLfprU8W8IuZZ9CmVxoMht0Ny82nnKkc
> MdezH/13+WfmuAZ+yxtRgC7h5pHN3phSKFVlNiGm07hlnFW0igwGi176xTo/pX3K
> 0WF2FT8pjtvcglpV+uez
> =JAto
> -----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/