Security Incidents mailing list archives

Re: Probes for MySQL under Linux?


From: twells () ATG COM (Tabor J. Wells)
Date: Tue, 27 Jun 2000 21:52:58 -0400


On Tue, Jun 27, 2000 at 06:51:57PM +0200,
Ralf G. R. Bergs <rabe () RWTH-Aachen DE> is thought to have said:

> Hi there,
>
> I just noticed a few probes for MySQL from "cgmd70181.chello.nl" against our
> Linux router. A quick search on two different CERT sites produced no hits.
>
> Are there any known vulnerabilities of MySQL so that I can be confident it
> really was a hacking attempt? This is just out of curiosity, I definitely
> won't consider complaining about half a dozen probes. :-)
>
> And no, I'm not running MySQL, but I've now updated my firewall rules so that
> should I ever run MySQL I'm prepared. :-)
>
> Ralf

MySQL versions prior to 3.22.32 had a security hole that could let
someone who could make a specially formed query elevate their privileges.
But they could have also just been looking for misconfigured installations
of MySQL. I've seen plenty of cases where people ignore the docs and run it
as root (this was what contributed to the defacement of www.apache.org not
long ago), or worse, run it as root with no password or ACLs on the login of
any kind.

A badly installed MySQL is a root compromise waiting to happen.

Tabor

--
------------------------------------------------------------------------
Tabor J. Wells                                            twells () atg com
Systems Administrator
Art Technology Group                                  http://www.atg.com
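
The misconfigurations named in the reply above (mysqld running as root, logins with no password or ACLs) can be checked for on your own server. The following is an added example, not part of the original message: the function names and sample inputs are constructed, and it assumes a my.cnf-style option file and a tab-separated dump of the `Host`, `User` and `Password` columns of `mysql.user` as found in older MySQL releases.

```python
import configparser

# Constructed sample inputs for illustration (not from the original message).
SAMPLE_CNF = "[mysqld]\nuser = root\nport = 3306\nskip-grant-tables\n"
# Constructed tab-separated rows of: SELECT Host, User, Password FROM mysql.user
SAMPLE_USERS = "localhost\troot\t\n%\troot\t\nlocalhost\tapp\t0123456789abcdef\n"


def audit_cnf(text):
    """Return findings for the [mysqld] section of a my.cnf-style file."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(text)
    if not cp.has_section("mysqld"):
        return ["no [mysqld] section in this file"]
    # MySQL accepts '-' and '_' interchangeably in option names.
    opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    findings = []
    user = (opts.get("user") or "").strip()
    if user in ("root", "0"):
        findings.append("mysqld configured to run as root")
    elif not user:
        findings.append("no user= option in [mysqld]")
    if "skip-grant-tables" in opts:
        findings.append("skip-grant-tables disables all access control")
    return findings


def audit_users(dump):
    """Flag accounts with an empty password or no host restriction."""
    findings = []
    for line in dump.splitlines():
        if not line:
            continue
        host, user, password = (line.split("\t") + ["", ""])[:3]
        who = f"'{user}'@'{host}'"
        if password == "":
            findings.append(f"{who}: empty password")
        if host == "%":
            findings.append(f"{who}: no host restriction")
    return findings


if __name__ == "__main__":
    for finding in audit_cnf(SAMPLE_CNF) + audit_users(SAMPLE_USERS):
        print("FINDING:", finding)
```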
