Bugtraq mailing list archives
Re: Some more MySql security issues
From: Peter van Dijk <peter () DATALOSS NL>
Date: Mon, 12 Feb 2001 19:53:35 +0100
On Sun, Feb 11, 2001 at 12:40:48AM +0100, Konrad Rieck wrote:
> I am a little bit confused about this mail. Maybe the author can explain some issues to me...
>
> On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
>> roberto@spike:~ > mysql -ublaah
>> (Note: 'blaah' obviously isn't a valid username)
>
> You seem to have a strange configuration of mysql. By default only valid users are allowed to connect to the database. So the overflow in "drop database" can only be used by users of mysql. Well anyway, a security problem that can lead to the privileges the mysqld is running under, but not as simple as you show above.

A very irrelevant issue. The note about the obviously valid username is incorrect, that is a configuration issue. It doesn't, however, make the problem any less.

>> /home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'`
>
> This is a nice example of bad code, but not a security issue, I could show up a 100 of programs that simply don't care for *argv parameters. You don't gain anything by exploiting such overflows in non-suid programs.

It, however, shows bad coding habits. Also, lots of programs might be used in a 'privilege-elevated situation'. The overflows in 'host' and 'nslookup' have been fixed for real reasons. Those same reasons may apply to the mysql console client.

Greetz, Peter.