Full Disclosure mailing list archives
Re: Mysql 3.23.x/4.0.x Remote Root Exploit
From: Andreas Gietl <a.gietl () e-admin de>
Date: Sun, 14 Sep 2003 15:14:31 +0200
On Sunday 14 September 2003 14:59, Elv1S wrote:
no comment ... http://www.k-otik.com/exploits/09.14.mysql.c.php
This is NO ROOT exploit. To exploit the vuln you need the mysql-root and remote-access for mysql-root-user must be allowed! After the exploit worked you don't have root-access but access with the user mysqld is running in.
don't know if this vuln is patched ?
Vuln is patched in 4.0.15
--------------------------------- Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software
-- e-admin internet gmbh Andreas Gietl tel +49 941 3810884 Ludwig-Thoma-Strasse 35 fax +49 (0)1805/39160 - 29104 93051 Regensburg mobil +49 171 6070008 PGP/GPG-Key unter http://www.e-admin.de/gpg.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Mysql 3.23.x/4.0.x Remote Root Exploit Elv1S (Sep 14)
- Re: Mysql 3.23.x/4.0.x Remote Root Exploit Andreas Gietl (Sep 14)
- Re: Mysql 3.23.x/4.0.x Remote Root Exploit Jedi/Sector One (Sep 14)
- Re: Mysql 3.23.x/4.0.x Remote Root Exploit Melvyn Sopacua (Sep 15)
- Re: Mysql 3.23.x/4.0.x Remote Root Exploit Kilian CAVALOTTI (Sep 14)