Security Basics mailing list archives

Re: System Hacked from MySQL Insecurities

From: Kalpin Erlangga Silaen <kalpin () solonet co id>
Date: Fri, 07 Jan 2005 08:41:27 +0700

Dear Bernie,

I am allowing port 3306 accessed from the outside world but I removeaccount which have NULL password. Actually I don't let mysql rootpassword as default, but he can guess it (weak password). In my mind nowis how can he get root shell from MySQL ? I was read mysql manual andthere is possible to create file from OUTPUT SELECT and put anyshellcode at there, but still own by mysql not root (this means is youcan't set as setuid to root).


Or... I missing something ?

bernie () e-mich com wrote:

Yes it is definately possible and easy to exploit MySQL.  Are you allowing port
3306 to accept connections from the outside world?

Also did you set a root password for root, as the deafult install does not?

Are you runing a firewall, and if you are are you only allowing access to port
3306 from certain IP's or subnets.

These are all questions that you should know the answer too or you sahould not
be running a public database server.  If you cannot answer these questions and
need some help let me know, I will try to help if I can.

B. Johnson


Quoting Kalpin Erlangga Silaen <kalpin () solonet co id>:

Dear all,

several days ago, someone hacked my test box using the latest FreeBSD.
He explained that he rooted my box because he knows my root mysql
password. Is it possible to hack system via MySQL ? or he just tricked
me and try hide his way ? I am using MySQL 4.0.18 for FreeBSD.
My details system:

OS: FreeBSD 5.1
MySQL version: 4.0.18
Port : 3306

I opened port 3306 from Internet, so people can use this if they have
access/username to MySQL.

Thank you.

--
---
Kalpin Erlangga Silaen
mailto: kalpin () solonet co id
URL: http://www.warningnews.com
YM: kalpinus
MSN: kalpinus
IRC: mesra.dal.net nick Kalpin





----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


--
---
Kalpin Erlangga Silaen
mailto: kalpin () solonet co id
URL: http://www.warningnews.com
YM: kalpinus
MSN: kalpinus
IRC: mesra.dal.net nick Kalpin

Current thread:

System Hacked from MySQL Insecurities Kalpin Erlangga Silaen (Jan 06)
- RE: System Hacked from MySQL Insecurities Shawn Wall (Jan 06)
- Re: System Hacked from MySQL Insecurities bernie (Jan 07)
  - Re: System Hacked from MySQL Insecurities Kalpin Erlangga Silaen (Jan 07)
- Re: System Hacked from MySQL Insecurities Danux (Jan 07)
- <Possible follow-ups>
- RE: System Hacked From MySQL Insecurities Saint Anthony (Jan 07)
- RE: System Hacked from MySQL Insecurities Ed Gorski (Jan 07)
  - RE: System Hacked from MySQL Insecurities Kalpin Erlangga Silaen (Jan 10)
    - Re: System Hacked from MySQL Insecurities q q (Jan 14)