Bugtraq mailing list archives

Re: potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t exploit)


From: Sergei Golubchik <serg () MYSQL COM>
Date: Wed, 21 Mar 2001 11:31:29 +0100

Hi!

On Mar 20, Scott Fagg wrote:
> Works for mysql 3.23.32 running as root.
>
> I used:
>
> mysql -u root ../../../../tmp
> create table yikes(w int(4));
>
> This created /tmp/yikes.*
>
> "Pavlov, Lesha" <lesha () NN RU> 19/3/01 4:32:37 am >>>
> > Anybody who gets a login and password to mysql can use it as DoS or r00t
> > exploit because mysql accepts '../blah-blah' as valid database name and
> > each table represented by 3 files tablename.ISD, tablename.ISM and
> > tablename.frm. But when mysqld checks table already exists or not
> > exists, it checks _only_ tablename.frm :

Sorry for the confusion - in my previous mail I told 3.23 is not vulnerable.
Yes, it IS vulnerable, the bug would be fixed asap.

Regards,
Sergei

--
MySQL Development Team
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /   Sergei Golubchik <serg () mysql com>
 / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
/_/  /_/\_, /___/\___\_\___/  Osnabrueck, Germany
       <___/
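
The two weaknesses described in this thread (a database name containing '../' accepted as a directory, and an existence check that looks only at tablename.frm) can be closed as in the following added example. It is not code from the original post or from MySQL; the function names, the 64-character limit and the 0600 file mode are assumptions made for illustration.

```c
/* Added example, not MySQL source code. Names and limits are assumptions. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if name is a single, safe path component; 0 otherwise. */
int name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '.')
        return 0;                          /* empty, ".", "..", dotfiles */
    if (strlen(name) > 64)                 /* assumed length limit */
        return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        if (*p == '/' || *p == '\\' || *p < 0x20)
            return 0;                      /* separators, control chars */
    return 1;
}

/* The three per-table files named in the report. */
static const char *const table_exts[] = { ".frm", ".ISD", ".ISM" };
#define N_EXTS (sizeof table_exts / sizeof table_exts[0])

/* Create all table files under datadir/db, refusing to touch any existing
 * file. Returns 0 on success, -1 on an unsafe name or if any file exists. */
int create_table_files(const char *datadir, const char *db, const char *table)
{
    char path[N_EXTS][1024];
    size_t made = 0;

    if (!name_is_safe(db) || !name_is_safe(table))
        return -1;
    for (size_t i = 0; i < N_EXTS; i++) {
        int n = snprintf(path[i], sizeof path[i], "%s/%s/%s%s",
                         datadir, db, table, table_exts[i]);
        /* O_EXCL makes the existence check and the creation one atomic step */
        int fd = (n > 0 && (size_t)n < sizeof path[i])
                     ? open(path[i], O_WRONLY | O_CREAT | O_EXCL, 0600) : -1;
        if (fd < 0) {
            while (made > 0)               /* roll back files we created */
                unlink(path[--made]);
            return -1;
        }
        close(fd);
        made++;
    }
    return 0;
}
```

Because every file is opened with O_EXCL, a leftover .ISD or .ISM is never overwritten even when the .frm is absent, and no window exists between the check and the create.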

