exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

mysql-05172005.txt

mysql-05172005.txt
Posted Aug 14, 2005
Authored by Eric Romang

MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.

tags | advisory, local, sql injection
SHA-256 | a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131

mysql-05172005.txt

Change Mirror Download

--Apple-Mail-1-580636551
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
delsp=yes;
format=flowed

#########################################################
MySQL mysql_install_db data manipulation
vendor: http://www.mysql.com
advisory: http://www.zataz.net/adviso/mysql-05172005.txt
vendor informed: yes exploit available:no

#########################################################

MySQL contain a security flaw how could
allow a malicious local attacker to inject arbitrary SQL commands
during database creation process.

For exemple : A malicious local attacker could create an mysql account
accessible from local (or everywhere) with ALL privileges on all
databases;

##########
versions:
##########

MySQL < 4.0.12
MySQL <= 5.0.4

##########
Solution:
##########

For MySQL 4.0.x update to the new version 4.0.12
MySQL 5.0.4 still vulnerable.

#########
timeline:
#########

discovered : 2005-05-07
vendor notified : 2005-05-09
vendor response : 2005-05-09
vendor fix : 2005-05-17
disclosure : 2005-05-17

#####################
Technical details :
#####################

tmp_file=/tmp/mysql_install_db.$$

Then on :

226 echo "use mysql;" > $tmp_file
227 cat $tmp_file $fill_help_tables | eval
"$mysqld_install_cmd_line"
228 res=$?
229 rm $tmp_file

#####################
Credits :
#####################

Eric Romang (eromang@zataz.net - ZATAZ)
Thxs to Gentoo Security Team. (Taviso, Sune, jaervosz, etc.)



--Apple-Mail-1-580636551
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#########################################################</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">MySQL mysql_install_db data manipulation</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">vendor: <A =
href=3D"http://www.mysql.com">http://www.mysql.com</A></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">advisory:<A =
href=3D"http://lostmon.blogspot.com/2005/04/"> =
http://www.zataz.</A>net/adviso/mysql-05172005.txt</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">vendor informed: yes exploit available:no</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Helvetica; =
min-height: 17px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#########################################################</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>MySQL contain a security =
flaw how could</DIV><DIV>allow a malicious local attacker to inject =
arbitrary SQL commands</DIV><DIV>during database creation =
process.</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>For =
exemple : A malicious local attacker could create an mysql =
account</DIV><DIV>accessible from local (or everywhere) with ALL =
privileges on all databases;</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">##########</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">versions:</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">##########</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><BR =
class=3D"khtml-block-placeholder"></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">MySQL=A0< =
4.0.12</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">MySQL <=3D 5.0.4</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><BR class=3D"khtml-block-placeholder"></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">##########</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">Solution:</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">##########</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><BR class=3D"khtml-block-placeholder"></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">For MySQL 4.0.x update to the new version =
4.0.12</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">MySQL 5.0.4 still =
vulnerable.</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><BR =
class=3D"khtml-block-placeholder"></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#########</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">timeline:</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#########</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><BR =
class=3D"khtml-block-placeholder"></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">discovered : =
2005-05-07</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">vendor notified : =
2005-05-09</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">vendor response =
:=A02005-05-09</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">vendor fix =
:=A0=A02005-05-17</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">disclosure =
:=A02005-05-17</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><BR =
class=3D"khtml-block-placeholder"></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#####################</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Technical =
details :</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#####################</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><BR class=3D"khtml-block-placeholder"></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">tmp_file=3D/tmp/mysql_install_db.$$</SPAN></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 11.7px/normal Verdana; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: 11.7px;">Then on =
:</SPAN></FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
11.7px/normal Verdana; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">=A0</SPAN></FONT><FONT class=3D"Apple-style-span" =
face=3D"Verdana" size=3D"3"><SPAN class=3D"Apple-style-span" =
style=3D"font-size: 11.7px;">226 </SPAN></FONT><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: 11.7px;">=A0 =A0 =
</SPAN></FONT><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">echo "use mysql;" > $tmp_file</SPAN></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">=A0</SPAN></FONT><FONT class=3D"Apple-style-span" =
face=3D"Verdana" size=3D"3"><SPAN class=3D"Apple-style-span" =
style=3D"font-size: 11.7px;">227 </SPAN></FONT><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: 11.7px;">=A0 =A0 =
</SPAN></FONT><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">cat $tmp_file $fill_help_tables | eval =
"$mysqld_install_cmd_line"</SPAN></FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">=A0</SPAN></FONT><FONT class=3D"Apple-style-span" =
face=3D"Verdana" size=3D"3"><SPAN class=3D"Apple-style-span" =
style=3D"font-size: 11.7px;">228 </SPAN></FONT><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: 11.7px;">=A0 =A0 =
</SPAN></FONT><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">res=3D$?</SPAN></FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">=A0</SPAN></FONT><FONT class=3D"Apple-style-span" =
face=3D"Verdana" size=3D"3"><SPAN class=3D"Apple-style-span" =
style=3D"font-size: 11.7px;">229 </SPAN></FONT><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: 11.7px;">=A0 =A0 =
</SPAN></FONT><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;">rm $tmp_file</SPAN></FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Verdana" size=3D"3"><SPAN =
class=3D"Apple-style-span" style=3D"font-size: 11.7px;"><BR =
class=3D"khtml-block-placeholder"></SPAN></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#####################</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">Credits=A0:</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#####################</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Verdana" =
size=3D"3"><SPAN class=3D"Apple-style-span" style=3D"font-size: =
11.7px;"><BR class=3D"khtml-block-placeholder"></SPAN></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Eric Romang (<A =
href=3D"mailto:eromang@zataz.net">eromang@zataz.net</A> - =
ZATAZ)</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Thxs to Gentoo Security Team. =
(Taviso, Sune, jaervosz, etc.)</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><BR =
class=3D"khtml-block-placeholder"></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><BR =
class=3D"khtml-block-placeholder"></DIV></BODY></HTML>=

--Apple-Mail-1-580636551--
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close