Bugtraq mailing list archives
Re: mSQL vulnerability.
From: john () KUWAIT NET (John W. Temples)
Date: Thu, 18 Feb 1999 15:32:20 -0800
On Wed, 17 Feb 1999, Christofer C. Bell wrote:
I'd like to point out that mSQL by default (all versions) DO NOT have hosts based access control enabled.
This was noted in Bugtraq long ago, but isn't entirely true with recent versions. Remote access is disabled by default going back to at least version 2.0.4.1. There are new "Remote_Access" and "Local_Access" keywords in msql.conf, set by default to False and True, respectively, in the included sample file. These keywords take precedence over the "access" keyword in msql.acl. What hasn't changed in recent versions is that all databases have unrestricted local access by default. I still believe it would be wise for mSQL to ship with a default msql.acl file that denies all access. -- John W. Temples, III || Providing the first public access Internet Gulfnet Kuwait || site in the Arabian Gulf region
Current thread:
- Re: [proftpd-l] root compromise ? (fwd), (continued)
- Re: [proftpd-l] root compromise ? (fwd) Joe Schmo (Feb 12)
- Re: [proftpd-l] root compromise ? (fwd) monk (Feb 13)
- Re: [proftpd-l] root compromise ? (fwd) Dirk Moerenhout (Feb 13)
- Possible Netscape Crypto Security Flaw Haze (Feb 14)
- Re: Possible Netscape Crypto Security Flaw Pete Krawczyk (Feb 16)
- snap utility for AIX. Larry W. Cashdollar (Feb 17)
- Re: snap utility for AIX. Brian Hauber (Feb 18)
- mSQL vulnerability. Christofer C. Bell (Feb 17)
- OT: Copyright on Security advisories Aviram Jenik (Feb 18)
- Re: OT: Copyright on Security advisories Doug Granzow (Feb 19)
- Re: mSQL vulnerability. John W. Temples (Feb 18)
- Re: [proftpd-l] root compromise ? (fwd) Joe Schmo (Feb 12)
- Debian GNU/Linux 2.0r5 released (fwd) Jamie Fifield (Feb 17)
- Regarding passwords in registry keys. Ash (Feb 19)
- Re: [proftpd-l] root compromise ? (fwd) Nic Bellamy (Feb 14)
- Re: ICQ99 crash Eric J. Stevens (Feb 15)
- Re: ICQ99 crash Joe Stewart (Feb 16)
- Re: ICQ99 crash Timothy Doane (Feb 16)