| List: | Bugs | « Previous MessageNext Message » | |
| From: | Michael Labbe | Date: | May 30 2007 10:27pm |
| Subject: | Re: serious bug allows anyone access to database as root | ||
| View as plain text | |||
Brad Johnson wrote: > > I'm using mysql 3.22.32 on Linux 2.2.14 kernel, and I believe that I've found > a major problem. > > If, at the command line, I type > > $ mysql -u root -p > > I get a password prompt, just like I should. However, if I type > > $ mysql -u root-p > > without the space after the "root," it lets me right in. I can do this as > any user, and I can repeat it over and over. This seems to be a serious > vulnerability. > > Brad Johnson > UNIX Systems Administrator > Trivergent Communications, INC. I am unable to repeat with 3.22.16a-gamma, for pc-linux-gnu (i686): ERROR 1044: Access denied for user: '@localhost' to database 'ebook' You may want to check your configuration. -- Michael Labbe Systems Programmer Internet Marketing Center Work: (604)730-2833
| Thread | ||
|---|---|---|
| • substring incorrect syntax causes crash | John Calder | 30 May |
| • substring incorrect syntax causes crash | Michael Widenius | 30 May |
| • serious bug allows anyone access to database as root | Brad Johnson | 30 May |
| • RE: serious bug allows anyone access to database as root | jason | 30 May |
| • Re: serious bug allows anyone access to database as root | Michael Labbe | 30 May |
| • No Risk - Re: serious bug allows anyone access to database as root | Nick Lindridge | 31 May |
| • RE: serious bug allows anyone access to database as root | Matt Vermette | 30 May |
| • Re: serious bug allows anyone access to database as root | sasha | 31 May |
| • Re: serious bug allows anyone access to database as root | Michael Widenius | 5 Jun |