From:sasha Date:May 30 2000 11:14pm
Subject:Re: serious bug allows anyone access to database as root
Matt Vermette wrote:
> 
> I have been able to replicate this on RedHat 6.2, Kernel 2.2.15 compiled on an i486,
> with MySQL 3.22.32


The problem has to do with the fact that by default, the priv system allows you
to connect as any user from localhost because of the % entry in the user
table - to fix:

mysql -uroot mysql
mysql>delete from user where user = '%';
mysql>flush privileges;






> 
> On Wed, 31 May 2000 08:17:20 +1000, jason wrote:
> 
> >
> >>I'm using mysql 3.22.32 on Linux 2.2.14 kernel, and I believe that
> >>I've found a major problem.
> >>
> >>If, at the command line, I type
> >>
> >>  $ mysql -u root -p
> >>
> >>I get a password prompt, just like I should.  However, if I type
> >>
> >>  $ mysql -u root-p
> >>
> >>without the space after the "root," it lets me right in.  I can do
> >>this as any user, and I can repeat it over and over.  This seems to be
> >>a serious vulnerability.
> >
> >I'm unable to repeat on
> >
> >  mysql  Ver 9.37 Distrib 3.22.29, for sun-solaris2.5.1 (sparc)
> >
> >and on
> >
> >  mysql  Ver 9.38 Distrib 3.22.32, for Win95/Win98 (i586)
> >
> >on both I get what I'd expect
> >
> >  ERROR 1045: Access denied for user: 'root-p@localhost' (Using
> >password: NO)
> >
> >- --
> >  jason - elephant@stripped -
> >
> >
> >
> >---------------------------------------------------------------------
> >Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
> >posting. To request this thread, e-mail bugs-thread166@stripped
> >
> >To unsubscribe, send a message to the address shown in the
> >List-Unsubscribe header of this message. If you cannot see it,
> >e-mail bugs-unsubscribe@stripped instead.
> 
> Matt B. Vermette, President
> MOTAS INC.
> www.motas.on.ca
> 

-- 
Sasha Pachev

+------------------------------------------------------------------+
|     /*/\*\/\*\   /*/ \*\ /*/ \*\ |*|     Sasha Pachev            |
|    /*/ /*/ /*/   \*\_   |*|   |*||*|     mailto:sasha@stripped  |
|   /*/ /*/ /*/\*\/*/  \*\|*|   |*||*|     Provo, Utah, USA        |
|  /*/     /*/  /*/\*\_/*/ \*\_/*/ |*|____                         |
|  ^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^                        |
|             /*/             \*\ Developers Team                  |
+------------------------------------------------------------------+
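To show why `mysql -u root-p` gets in while `mysql -u root -p` is challenged, here is an added Python model (not code from this post or from MySQL itself) of how the server picks a row from the user table: candidate rows are sorted most-specific Host first, then named users before the blank "any user" entry, and the first match decides whether a password is required. The table below is constructed; its `'%'` row with a blank user stands in for the open entry Sasha describes, and the cleanup function generalizes his DELETE to every wildcard-host or anonymous row.

```python
# Model of the MySQL user-table lookup (added example, not the list's code).
# Sample rows are constructed; specificity ranking is an approximation.
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class UserRow:
    host: str      # 'localhost', or a pattern such as '%' (any host)
    user: str      # '' is the anonymous entry: it matches ANY user name
    password: str  # '' means no password is required for this row


def _host_matches(pattern: str, host: str) -> bool:
    # MySQL Host values use SQL LIKE wildcards; mapped onto fnmatch here.
    return fnmatchcase(host, pattern.replace("%", "*").replace("_", "?"))


def _specificity(row: UserRow):
    # Sort key: literal hosts before wildcard hosts, named users before blank.
    return (row.host.count("%") + row.host.count("_"), row.user == "")


def lookup(table, user, host):
    """Return the row the server would apply to this connection, or None."""
    candidates = [r for r in table
                  if _host_matches(r.host, host) and r.user in ("", user)]
    candidates.sort(key=_specificity)
    return candidates[0] if candidates else None


def can_connect(table, user, host, password=""):
    """True if the first matching row accepts the supplied password."""
    row = lookup(table, user, host)
    return row is not None and row.password == password


def remove_open_entries(table):
    """The fix: drop anonymous-user and wildcard-host rows, then FLUSH PRIVILEGES."""
    return [r for r in table if r.user != "" and r.host != "%"]


# Constructed stand-in for a default install: a root row plus the open entry.
# 'root-p' is not in the table, so it falls through to the '%' row and needs
# no password; 'root' hits its own, more specific row and must supply one.
DEFAULT_TABLE = [
    UserRow("localhost", "root", "s3cret"),
    UserRow("%", "", ""),
]
```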