From:Nick Lindridge Date:May 30 2000 11:23pm
Subject:No Risk - Re: serious bug allows anyone access to database as root
Hi,

What Brad notes is only half true - at least on my 3.22.32 - and I suspect that
on his system doing

	mysql -u mickeymouse-p

will work just as well. The test is to then try and USE the mysql db as 
follows. First a legitimate root access

mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4776 to server version: 3.22.32

Type 'help' for help.

mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> Bye


Now Brad's access:

mysql -u root-p 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4777 to server version: 3.22.32

Type 'help' for help.

mysql> use mysql
ERROR 1044: Access denied for user: '@localhost' to database 'mysql'
mysql> Bye


Apologies for copying to the Bugs list, but I believe it is merited in this case, and
please correct me if there is indeed a risk here, but I believe there is not.

Nick




On Tue, May 30, 2000 at 05:48:24PM -0400, Brad Johnson wrote:
> I'm using mysql 3.22.32 on Linux 2.2.14 kernel, and I believe that I've found
> a major problem.
> 
> If, at the command line, I type 
> 
>   $ mysql -u root -p
> 
> I get a password prompt, just like I should.  However, if I type
> 
>   $ mysql -u root-p
> 
> without the space after the "root," it lets me right in.  I can do this as
> any user, and I can repeat it over and over.  This seems to be a serious
> vulnerability.
> 
> Brad Johnson
> UNIX Systems Administrator
> Trivergent Communications, INC.
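The two halves of what Nick demonstrates above, as an added example that is not code from this thread or from MySQL itself: a simplified Python model of (1) how a getopt-style parser reads `-u root-p` as the user name "root-p" and never sees the `-p` flag, and (2) how the server's user-table matching then falls through to the anonymous account `''@localhost` (blank user matches any name, most specific row wins), which connects without a password but has no grant on the `mysql` database. The user table, db table, the assumed root password "correct horse" and the function names (`parse_client_args`, `authenticate`, `can_use_db`, `anonymous_accounts`) are constructed for this example and are not MySQL's internals.

```python
"""Model of the MySQL 3.22 behaviour behind 'mysql -u root-p'.

Simplified model, not MySQL's code. The tables below are constructed to
resemble a default mysql_install_db setup: root@localhost with a password
plus an anonymous ''@localhost with none.
"""
import getopt

# Constructed user table: (host, user, password); None means no password set.
USER_TABLE = [
    ("localhost", "root", "correct horse"),   # assumed root password (example only)
    ("localhost", "", None),                  # anonymous account, no password
]

# Constructed set of accounts holding server-wide (global) privileges.
GLOBAL_PRIVS = {("localhost", "root")}

# Constructed db table: (host, db, user) rows granting database-level access.
# A default install grants 'test' to everyone; a blank user matches any name.
DB_TABLE = [
    ("localhost", "test", ""),
]


def parse_client_args(argv):
    """Parse the client's -u/-p options the way getopt does.

    '-u' takes an argument, so 'root-p' is consumed whole as the user name and
    the '-p' (prompt for password) flag is never seen.
    """
    opts, _ = getopt.getopt(argv, "u:p")
    user, ask_password = None, False
    for flag, value in opts:
        if flag == "-u":
            user = value
        elif flag == "-p":
            ask_password = True
    return user, ask_password


def _specificity(row):
    """Sort key: literal host before wildcard/blank host, named user before blank user."""
    host, user, _ = row
    return (host == "" or "%" in host, user == "")


def match_user(host, user):
    """Return the first matching user-table row, most specific first.

    Because a blank user column matches any name, an unknown name such as
    'root-p' lands on the anonymous account instead of being rejected.
    """
    for row in sorted(USER_TABLE, key=_specificity):
        row_host, row_user, _ = row
        if row_host in (host, "", "%") and row_user in (user, ""):
            return row
    return None


def authenticate(host, user, password):
    """Return the effective (host, user) account on success, None on failure."""
    row = match_user(host, user)
    if row is None:
        return None
    row_host, row_user, row_password = row
    if row_password is not None and password != row_password:
        return None
    return (row_host, row_user)


def can_use_db(account, db):
    """The check behind 'USE db': global privileges or a matching db-table grant."""
    host, user = account
    if account in GLOBAL_PRIVS:
        return True
    return any(
        h in (host, "", "%") and d == db and u in (user, "")
        for h, d, u in DB_TABLE
    )


def anonymous_accounts(table=None):
    """List (host, user) pairs with a blank user name: the accounts to remove."""
    rows = USER_TABLE if table is None else table
    return [(h, u) for h, u, _ in rows if u == ""]


if __name__ == "__main__":
    for argv in (["-u", "root", "-p"], ["-u", "root-p"]):
        user, ask = parse_client_args(argv)
        acct = authenticate("localhost", user, "correct horse" if ask else None)
        print(argv, "-> user=%r ask_password=%s" % (user, ask),
              "-> account", acct, "-> USE mysql:", acct and can_use_db(acct, "mysql"))
```

The practical check this suggests is whether any anonymous rows exist at all; on a 3.22 server that is `SELECT Host, User FROM mysql.user WHERE User = '';` and, if they are not wanted, `DELETE FROM mysql.user WHERE User = '';` followed by `FLUSH PRIVILEGES;`. With no anonymous row, the `root-p` login above is refused outright instead of being admitted as `''@localhost`.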