Bugtraq mailing list archives
Re: potential vulnerability of mysqld running with root privileges
From: Sergei Golubchik <sergii () PISEM NET>
Date: Tue, 20 Mar 2001 11:18:26 +0100
Hi!

On Mar 18, Pavlov, Lesha wrote:
> Anybody who gets a login and password to mysql can use it as a DoS or r00t exploit, because mysql accepts '../blah-blah' as a valid database name and each table is represented by 3 files: tablename.ISD, tablename.ISM and tablename.frm. But when mysqld checks whether a table already exists or not, it checks _only_ tablename.frm:

[skip]

> Vulnerable versions: This DoS/exploit was tested on mysql-3.20.32a, but I see other versions of mysql are also vulnerable.

3.20 is not simply outdated - it's VERY old. The officially supported branch is 3.23 now. 3.23.1 was released more than a year ago. And 3.23 doesn't have that bug.

> Recommendations:
> * Patch mysql to treat database names starting with '..' as incorrect database names.

3.23 does it.

> Patches: not yet

Why, there have been for several years!

Regards,
Sergei

--
MySQL Development Team
Sergei Golubchik <serg () mysql com>
MySQL AB, http://www.mysql.com/
Osnabrueck, Germany
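Added example, not part of the original message and not MySQL's own code: one way to apply the check discussed in this thread, so that a database name can only ever be a single directory component under the data directory. It goes further than rejecting a leading '..' (it also refuses any leading dot, path separators and control characters); the function names and the `DB_NAME_MAX` limit are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define DB_NAME_MAX 64  /* assumed length limit for this example */

/* Return 1 if name is usable as a single directory component under the
 * data directory, 0 otherwise. */
int db_name_is_safe(const char *name)
{
    size_t len, i;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > DB_NAME_MAX)
        return 0;
    /* Rejects ".", ".." and anything beginning with "..", such as the
     * '../blah-blah' name from the report. */
    if (name[0] == '.')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* A path separator would let the name leave the data directory;
         * control characters have no place in a directory name. */
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f)
            return 0;
    }
    return 1;
}

/* Build "<datadir>/<name>" into out. Returns 0 on success, -1 if the name
 * is rejected or the result does not fit in the buffer. */
int db_dir_path(const char *datadir, const char *name, char *out, size_t outlen)
{
    int n;

    if (datadir == NULL || out == NULL || outlen == 0 || !db_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", datadir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}
```

Validating the name before any file-system call matters more than the later existence check, since the check on tablename.frm alone is only dangerous once the path has already left the data directory.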