Security Incidents mailing list archives
Re: Probes for MySQL under Linux?
From: twells () ATG COM (Tabor J. Wells)
Date: Tue, 27 Jun 2000 21:52:58 -0400
On Tue, Jun 27, 2000 at 06:51:57PM +0200, Ralf G. R. Bergs <rabe () RWTH-Aachen DE> is thought to have said:
> Hi there,
>
> I just noticed a few probes for MySQL from "cgmd70181.chello.nl" against our Linux router. A quick search on two different CERT sites produced no hits.
>
> Are there any known vulnerabilities of MySQL so that I can be confident it really was a hacking attempt?
>
> This is just out of curiosity, I definitely won't consider complaining about half a dozen probes. :-) And no, I'm not running MySQL, but I've now updated my firewall rules so that should I ever run MySQL I'm prepared. :-)
>
> Ralf
MySQL versions prior to 3.22.32 had a security hole that could cause someone who could make a specially formed query to elevate their privileges.

But they could have also just been looking for misconfigured installations of MySQL. I've seen plenty of cases where people ignore the docs and run it as root (this was what contributed to the defacement of www.apache.org not long ago), or worse, run it as root with no password or ACLs on the login of any kind. A badly installed MySQL is a root compromise waiting to happen.

Tabor

--
------------------------------------------------------------------------
Tabor J. Wells                                         twells () atg com
Systems Administrator
Art Technology Group                                  http://www.atg.com
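An added example, not part of the original post: a small Python audit for the misconfigurations described in the reply above (a server running as root, accounts with no password, and logins with no host restriction). The my.cnf text and account rows are constructed samples, and the (host, user, password hash) row layout is an assumption modelled on the MySQL grant table.

```python
import configparser

# Constructed sample inputs (not from the original post).
SAMPLE_MY_CNF = """
[mysqld]
user = root
port = 3306
"""
# Assumed layout: (host, user, password_hash) rows exported from the grant table.
SAMPLE_ACCOUNTS = [
    ("localhost", "root", ""),
    ("%", "webapp", ""),
    ("localhost", "backup", "5d2e19393cc5ef67"),
    ("%", "report", "1a2b3c4d5e6f7a8b"),
]

def audit_server_user(my_cnf_text):
    """Flag a [mysqld] section that runs the server as root or names no user."""
    cfg = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cfg.read_string(my_cnf_text)
    if not cfg.has_section("mysqld"):
        return ["no [mysqld] section found"]
    user = cfg.get("mysqld", "user", fallback=None)
    if user is None:
        return ["[mysqld] sets no user; server runs as whoever starts it"]
    if user.strip() == "root":
        return ["[mysqld] user=root; server runs with root privileges"]
    return []

def audit_accounts(rows):
    """Flag accounts with an empty password or a wildcard host."""
    findings = []
    for host, user, pw_hash in rows:
        name = f"'{user}'@'{host}'"
        if not pw_hash:
            findings.append(f"{name}: no password set")
        if host == "%":
            findings.append(f"{name}: login allowed from any host")
    return findings

def audit(my_cnf_text, rows):
    return audit_server_user(my_cnf_text) + audit_accounts(rows)

if __name__ == "__main__":
    for finding in audit(SAMPLE_MY_CNF, SAMPLE_ACCOUNTS):
        print("FINDING:", finding)
```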