Bugtraq mailing list archives
Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
From: Sergei Golubchik <serg () askmonty org>
Date: Mon, 3 Dec 2012 08:51:35 +0100
Hi, king cope! On Dec 02, king cope wrote:
Hi, My opinion is that the FILE to admin privilege elevation should be patched. What is the reason to have FILE and ADMIN privileges seperated when with this exploit FILE privileges equate to ALL ADMIN privileges. I understand that it's insecure to have FILE privileges attached to a user. But if this a configuration issue and not a vulnerability then as stated above there must be something wrong with the privilege management in this SQL server.
You've missed that part of my reply:
Additionally, MySQL (and MariaDB) provides a --secure-file-priv option that allows to restrict all FILE operations to a specific directory.
Normally, if a DBA wants to grant FILE privilege to users, the server will have something like secure-file-priv=/tmp/mysql (for example) specified in the configuration file. This way any operation allowed by the FILE privilege (like SELECT ... OUTFILE) will only be able to access files under the /tmp/mysql/ path. Regards, Sergei
Current thread:
- MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 03)
- Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Jeffrey Walton (Dec 03)
- Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried (Dec 03)
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 03)
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Huzaifa Sidhpurwala (Dec 03)
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 03)
- Message not available
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Yves-Alexis Perez (Dec 03)
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 03)
- Message not available
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 03)