Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: mSQL vulnerability.

From: bambi () HUGHES COM AU (David J. Hughes)
Date: Fri, 19 Feb 1999 13:58:53 +1000

On Wed, 17 Feb 1999, Christofer C. Bell wrote:


I'd like to point out that mSQL by default (all versions) DO NOT have
hosts based access control enabled.  Note that when you start the msql2d
process for the first time, you see this message:


This is _not_ correct.

By default, mSQL is configured to run with Remote_Access disabled (via the
msql.conf file or the internal default config settings).  This implies
that, by default, the mSQL server will not even create a TCP socket.  Host
based access control is only used if you modify the configuration and
explicitly enable remote access to the server.

The Remote_Access config option was added in the 2.0.4 release of mSQL
back in May 1988.


Bambi
...

   /   /            /             David J. Hughes      Bambi () Hughes com au
  /___/       ___  /__  ___  ___  Managing Director    Hughes Technologies
 /   / /  /  /  / /  / /__/ /__   Fax:+61 7 3302 2199  http://Hughes.com.au
/   / /__/  /__/ /  / /__  ___/   _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/
            __/
Previous By Date Next
Previous By Thread Next

Current thread: