Full Disclosure mailing list archives

Re: Mysql 3.23.x/4.0.x Remote Root Exploit

From: Andreas Gietl <a.gietl () e-admin de>
Date: Sun, 14 Sep 2003 15:14:31 +0200

On Sunday 14 September 2003 14:59, Elv1S wrote:

no comment ...

http://www.k-otik.com/exploits/09.14.mysql.c.php


This is NO ROOT exploit. 

To exploit the vuln you need the mysql-root and remote-access for 
mysql-root-user must be allowed!

After the exploit worked you don't have root-access but access with the user 
mysqld is running in.


don't know if this vuln is patched ?


Vuln is patched in 4.0.15




---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software


-- 
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 (0)1805/39160 - 29104
93051 Regensburg                                  mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Mysql 3.23.x/4.0.x Remote Root Exploit Elv1S (Sep 14)
- Re: Mysql 3.23.x/4.0.x Remote Root Exploit Andreas Gietl (Sep 14)
- Re: Mysql 3.23.x/4.0.x Remote Root Exploit Jedi/Sector One (Sep 14)
  - Re: Mysql 3.23.x/4.0.x Remote Root Exploit Melvyn Sopacua (Sep 15)
- Re: Mysql 3.23.x/4.0.x Remote Root Exploit Kilian CAVALOTTI (Sep 14)