Bugtraq mailing list archives
Re: Some more MySql security issues
From: Konrad Rieck <kr () R0Q CX>
Date: Sun, 11 Feb 2001 00:40:48 +0100
I am a little bit confused about this mail. Maybe the author can explain some issues to me... On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a valid username)
You seem to have a strange configuration of mysql. By default only valid users are allowed to connect to the database. So the overflow in "drop database" can only be used by users of mysql. Well anyway, a security problem that can lead to the privileges the mysqld is running under, but not as simple as you show above.
/home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'`
This is a nice example of bad code, but not a security issue, I could show up a 100 of programs that simply don't care for *argv parameters. You don't gain anything by exploiting such overflows in non-suid programs. Regards, Konrad -- Konrad Rieck <kr () r0q cx> Roqefellaz - http://www.r0q.cx, GPG Public Key http://www.r0q.cx/keys/kr.pub -- Fingerprint: 3AA8 CF92 C179 9760 C3B3 1B43 33B6 9221 AFBF 5897
Current thread:
- Some more MySql security issues Joao Gouveia (Feb 10)
- Re: Some more MySql security issues Konrad Rieck (Feb 12)
- Re: Some more MySql security issues Tim Yardley (Feb 12)
- Re: Some more MySql security issues Konrad Rieck (Feb 12)
- Re: Some more MySql security issues Joao Gouveia (Feb 13)
- Re: Some more MySql security issues Tim Yardley (Feb 13)
- Re: Some more MySql security issues Tim Yardley (Feb 12)
- Re: Some more MySql security issues Peter van Dijk (Feb 12)
- Re: Some more MySql security issues Carsten H. Pedersen (Feb 12)
- Re: Some more MySql security issues Konrad Rieck (Feb 12)
- Re: Some more MySql security issues Theodor Milkov (Feb 12)
- <Possible follow-ups>
- Re: Some more MySql security issues Hector A.Paterno (Feb 13)