Bugtraq mailing list archives
mSQL vulnerability.
From: cbell () ATLAS UNION UKANS EDU (Christofer C. Bell)
Date: Wed, 17 Feb 1999 10:00:29 -0600
I'd like to point out that mSQL by default (all versions) DO NOT have hosts based access control enabled. Note that when you start the msql2d process for the first time, you see this message:

    Mini SQL Version 2.0.7
    Copyright (c) 1993-94 David J. Hughes
    Copyright (c) 1995-99 Hughes Technologies Pty Ltd.
    All rights reserved.

    Loading configuration from '/usr/local/Hughes/msql.conf'.
    Server process reconfigured to accept 200 connections.
    Server running as user 'msql'.
    Server mode is Read/Write.

    Warning: No ACL file. Using global read/write access.

The "Warning:" is the important part. Even if you use the provided msql.acl.sample file as your acl file, the permissions are as follows:

    database=test
    read=bambi,-root
    write=root
    host=*
    access=local,remote
    option=rfc931

    database=minerva
    read=*
    write=minerva
    access=local

This sets up some form of access restrictions on databases 'test' and 'minerva' but not on any databases YOU create. Please make sure to edit this file and use host based security.

--
Christofer C. Bell          Systems Analyst
OSSC - Systems Management   email: cbell () inetdb com
Sprint Communications       phone: 913-534-2535