lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH8yC8nj_Krd1QCeObwJmo3LZNnFM7VpmYDkT5dcOG6zONvopw@mail.gmail.com> Date: Wed, 5 Dec 2012 20:38:53 -0500 From: Jeffrey Walton <noloader@...il.com> To: king cope <isowarez.isowarez.isowarez@...glemail.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot) On Mon, Dec 3, 2012 at 11:03 AM, king cope <isowarez.isowarez.isowarez@...glemail.com> wrote: > Yes I agree, we should discard this default remote vulnerability > because it is documented. Devil's advocate: Does a questionable design choice/feature that is documented make it any less vulnerable? How does a Mom and Pop shop who were told to get mySQL to support <some business software> mitigate this issue when its insecure out of the box and there are no IT resources? Jeff > 2012/12/2 Sergei Golubchik <serg@...monty.org>: >> Thanks, Kurt! >> >>> 2012/12/2 Kurt Seifried <kseifried@...hat.com>: >>> >> *** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE *** >>> >> >>> >> Attached is the MySQL Windows Remote Exploit (post-auth, udf >>> >> technique) including the previously released mass scanner. The >>> >> exploit is mirrored at the farlight website >>> >> http://www.farlight.org. >>> >> >>> > So in the case of this issue it appears to be documented (UDF, do >>> > not run MySQL as administrator, etc.). As I understand CVE >>> > assignment rules this issue does not require a CVE, however just to >>> > be on the safe side I'm CC'ing MySQL, Oracle, MariaDB, OSS-SEC, >>> > Steven Christey, cve-assign and OSVDB to the CC so that everyone is >>> > aware of what is going on. >> >> Just to confirm - yes, it's documented. >> >> UDF is a feature that allows to run any code in the MySQL server >> process. FILE privilege allows to create files. So yes, sure, with the >> appropriate privileges and the appropriately configured server >> one can create a file and load it as UDF. As expected. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists