Bugtraq mailing list archives
Re: potential vulnerability of mysqld running with root privileges(can be used as good DoS or r00t expoloit)
From: Sergei Golubchik <serg () MYSQL COM>
Date: Wed, 21 Mar 2001 11:31:29 +0100
Hi! On Mar 20, Scott Fagg wrote:
Works for mysql 3.23.32 running as root. I used: mysql -u root ../../../../tmp create table yikes(w int(4)); This created /tmp/yikes.*"Pavlov, Lesha" <lesha () NN RU> 19/3/01 4:32:37 am >>>Anybody, who get login and password to mysql can use it as DoS or r00t exploit because mysql accepts '../blah-blah' as valid database name and each table represented by 3 files tablename.ISD, tablename.ISM and tablename.frm, But, when mysqld checks table already exists or not exists, it checks _only_ tablename.frm :
Sorry for confusion - in my previous mail a told 3.23 is not vulnerable. Yes, it IS vulnerable, the bug would be fixed asap. Regards, Sergei -- MySQL Development Team __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg () mysql com> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/ /_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany <___/
Current thread:
- Re: potential vulnerability of mysqld running with root privileges(can be used as good DoS or r00t expoloit) Scott Fagg (Mar 20)
- Re: potential vulnerability of mysqld running with root privileges(can be used as good DoS or r00t expoloit) Sergei Golubchik (Mar 21)
- Re: potential vulnerability of mysqld running with root privileges(can be used as good DoS or r00t expoloit) JT (Mar 22)