lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Dec 2012 17:03:40 +0100 From: king cope <isowarez.isowarez.isowarez@...glemail.com> To: Kurt Seifried <kseifried@...hat.com>, security@...iadb.org, ritwik.ghoshal@...cle.com, security@...ql.com, full-disclosure@...ts.grok.org.uk, moderators@...db.org, coley@...re.org, cve-assign@...re.org Subject: Re: MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot) Yes I agree, we should discard this default remote vulnerability because it is documented. 2012/12/2 Sergei Golubchik <serg@...monty.org>: > Thanks, Kurt! > >> 2012/12/2 Kurt Seifried <kseifried@...hat.com>: >> >> *** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE *** >> >> >> >> Attached is the MySQL Windows Remote Exploit (post-auth, udf >> >> technique) including the previously released mass scanner. The >> >> exploit is mirrored at the farlight website >> >> http://www.farlight.org. >> >> >> > So in the case of this issue it appears to be documented (UDF, do >> > not run MySQL as administrator, etc.). As I understand CVE >> > assignment rules this issue does not require a CVE, however just to >> > be on the safe side I'm CC'ing MySQL, Oracle, MariaDB, OSS-SEC, >> > Steven Christey, cve-assign and OSVDB to the CC so that everyone is >> > aware of what is going on. > > Just to confirm - yes, it's documented. > > UDF is a feature that allows to run any code in the MySQL server > process. FILE privilege allows to create files. So yes, sure, with the > appropriate privileges and the appropriately configured server > one can create a file and load it as UDF. As expected. > > Regards, > Sergei > MariaDB Security Coordinator > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists