Bugtraq mailing list archives

Re: mSQL vulnerability.

From: john () KUWAIT NET (John W. Temples)
Date: Thu, 18 Feb 1999 15:32:20 -0800


On Wed, 17 Feb 1999, Christofer C. Bell wrote:

I'd like to point out that mSQL by default (all versions) DO NOT have
hosts based access control enabled.


This was noted in Bugtraq long ago, but isn't entirely true with recent
versions.

Remote access is disabled by default going back to at least version
2.0.4.1.  There are new "Remote_Access" and "Local_Access" keywords in
msql.conf, set by default to False and True, respectively, in the
included sample file.  These keywords take precedence over the "access"
keyword in msql.acl.

What hasn't changed in recent versions is that all databases have
unrestricted local access by default.  I still believe it would be wise
for mSQL to ship with a default msql.acl file that denies all access.

--
John W. Temples, III       ||       Providing the first public access Internet
Gulfnet Kuwait             ||            site in the Arabian Gulf region

Current thread:

Re: [proftpd-l] root compromise ? (fwd), (continued)
- Re: [proftpd-l] root compromise ? (fwd) Joe Schmo (Feb 12)
  - Re: [proftpd-l] root compromise ? (fwd) monk (Feb 13)
  - Re: [proftpd-l] root compromise ? (fwd) Dirk Moerenhout (Feb 13)
    - Possible Netscape Crypto Security Flaw Haze (Feb 14)
    - Re: Possible Netscape Crypto Security Flaw Pete Krawczyk (Feb 16)
    - snap utility for AIX. Larry W. Cashdollar (Feb 17)
    - Re: snap utility for AIX. Brian Hauber (Feb 18)
    - mSQL vulnerability. Christofer C. Bell (Feb 17)
    - OT: Copyright on Security advisories Aviram Jenik (Feb 18)
    - Re: OT: Copyright on Security advisories Doug Granzow (Feb 19)
    - Re: mSQL vulnerability. John W. Temples (Feb 18)
    - Debian GNU/Linux 2.0r5 released (fwd) Jamie Fifield (Feb 17)
    - Regarding passwords in registry keys. Ash (Feb 19)
    - Re: [proftpd-l] root compromise ? (fwd) Nic Bellamy (Feb 14)
  - ICQ99 crash loser (Feb 14)
    - Re: ICQ99 crash Eric J. Stevens (Feb 15)
    - Re: ICQ99 crash Joe Stewart (Feb 16)
    - Re: ICQ99 crash Timothy Doane (Feb 16)
    - Website Pro v2.0 (NT) Configuration Issues Christian Antkow (Feb 16)
    - [HERT] Advisory #002 Buffer overflow in lsof Anthony C . Zboralski (Feb 17)
    - [SECURITY] New versions of super fixes two buffer overflows joey () FINLANDIA INFODROM NORTH DE (Feb 18)

(Thread continues...)