Full Disclosure mailing list archives

Re: Mysql 3.23.x/4.0.x Remote Root Exploit


From: Melvyn Sopacua <msopacua () idg nl>
Date: Mon, 15 Sep 2003 16:29:06 +0200

At 15:16 14-9-2003, Jedi/Sector One wrote:

> On Sun, Sep 14, 2003 at 05:59:59AM -0700, Elv1S wrote:
> > http://www.k-otik.com/exploits/09.14.mysql.c.php
> > don't know if this vuln is patched ?
>
> Yes, just upgrade MySQL to 4.0.15 or apply the small patch posted in the
> advisory.

Actually - there's a very simple work-around, based upon the age-old "chicken
and egg principle":
In order to exploit this bug, you need to have ALTER privileges on the
mysql.user table.
Just grant that privilege only to a trusted *local* account (say 'root') and
you're home free. Make sure only trusted persons know that password and don't
store it anywhere digitally (remember to remove ~/.mysql_history after
changing the password).



Met vriendelijke groeten / With kind regards,

Webmaster IDG.nl
Melvyn Sopacua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
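
The work-around in the message above depends on knowing which accounts currently hold ALTER on mysql.user. The following audit is an added example, not part of the original post; it assumes the standard MySQL grant tables (mysql.user, mysql.db, mysql.tables_priv), and 'app_user'@'%' is a constructed placeholder account.

```sql
-- Added example: list every account that holds ALTER on mysql.user.
-- Three separate statements (no UNION, no subqueries) so they also run
-- on the old 3.23.x / 4.0.x servers named in the thread subject.

-- 1. Global ALTER: applies to every database, including `mysql`.
SELECT User, Host
FROM mysql.user
WHERE Alter_priv = 'Y';

-- 2. Database-level ALTER whose Db pattern covers the `mysql` database.
--    Db may contain wildcards such as '%' or 'my%', hence the LIKE.
SELECT User, Host, Db
FROM mysql.db
WHERE Alter_priv = 'Y'
  AND 'mysql' LIKE Db;

-- 3. Table-level ALTER granted directly on mysql.user.
--    Table_priv is a SET column, so test membership with FIND_IN_SET.
SELECT User, Host, Db, Table_name
FROM mysql.tables_priv
WHERE Db = 'mysql'
  AND Table_name = 'user'
  AND FIND_IN_SET('Alter', Table_priv) > 0;

-- Any row whose Host is not 'localhost', or whose User is not the one
-- trusted administrative account, is a candidate for revocation.
-- Use the REVOKE that matches the level the audit reported
-- ('app_user'@'%' is a placeholder, not an account from the thread):
REVOKE ALTER ON *.*        FROM 'app_user'@'%';   -- found by query 1
REVOKE ALTER ON mysql.*    FROM 'app_user'@'%';   -- found by query 2
REVOKE ALTER ON mysql.user FROM 'app_user'@'%';   -- found by query 3

-- Confirm the result for that account, then re-run the three queries.
SHOW GRANTS FOR 'app_user'@'%';
```

A REVOKE at a level where the account has no grant returns an error, so run only the statement for the level each query flagged.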

