
mysql-05172005.txt

Posted Aug 14, 2005
Authored by Eric Romang

MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.

tags | advisory, local, sql injection
SHA-256 | a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131

#########################################################
MySQL mysql_install_db data manipulation
vendor: http://www.mysql.com
advisory: http://www.zataz.net/adviso/mysql-05172005.txt
vendor informed: yes
exploit available: no

#########################################################

MySQL contains a security flaw that could
allow a malicious local attacker to inject arbitrary SQL commands
during the database creation process.

For example: a malicious local attacker could create a MySQL account
accessible locally (or from everywhere) with ALL privileges on all
databases.

##########
versions:
##########

MySQL < 4.0.12
MySQL <= 5.0.4

##########
Solution:
##########

For MySQL 4.0.x, update to the new version 4.0.12.
MySQL 5.0.4 is still vulnerable.

#########
timeline:
#########

discovered : 2005-05-07
vendor notified : 2005-05-09
vendor response : 2005-05-09
vendor fix : 2005-05-17
disclosure : 2005-05-17

#####################
Technical details :
#####################

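mysql_install_db builds its temporary file name from the shell's process
ID ($$), so the path under /tmp is predictable:

    tmp_file=/tmp/mysql_install_db.$$

The script then writes to that file with a plain redirect and pipes it
into the command held in $mysqld_install_cmd_line (lines 226-229 of the
script). Nothing guarantees that the file read by cat holds only what
the script wrote:

    echo "use mysql;" > $tmp_file
    cat $tmp_file $fill_help_tables | eval "$mysqld_install_cmd_line"
    res=$?
    rm $tmp_file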
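
Hardened forms of the pattern above, as an added example (not part of the original advisory and not MySQL's own fix). The function names and the help-table file passed as $1 are hypothetical.

```sh
#!/bin/sh
# Added example: safer replacements for the predictable /tmp file.
# Function names are hypothetical; $1 stands in for $fill_help_tables.

# Variant 1: no temporary file at all. The SQL is streamed through a pipe,
# so there is no path in /tmp for another local user to touch.
sql_stream() {
    fill_help_tables=$1
    { echo "use mysql;"; cat "$fill_help_tables"; }
}

# Variant 2: if a file is required, let mktemp choose an unpredictable name
# and create it exclusively with mode 0600; it fails rather than reusing
# a path that already exists.
sql_via_tempfile() {
    fill_help_tables=$1
    tmp_file=$(mktemp "${TMPDIR:-/tmp}/mysql_install_db.XXXXXX") || return 1
    echo "use mysql;" > "$tmp_file"
    cat "$tmp_file" "$fill_help_tables"
    res=$?
    rm -f "$tmp_file"
    return $res
}

# Variant 3: keep a fixed name but write with noclobber (set -C), so the
# redirect refuses an existing file or symlink instead of writing through it.
write_exclusive() {
    ( set -C; echo "use mysql;" > "$1" ) 2>/dev/null
}
```

Either sql_stream or sql_via_tempfile can be piped into eval "$mysqld_install_cmd_line" in place of lines 226-229; write_exclusive returns non-zero when the target path already exists, which the caller should treat as a fatal error.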

#####################
Credits :
#####################

Eric Romang (eromang@zataz.net - ZATAZ)
Thanks to Gentoo Security Team. (Taviso, Sune, jaervosz, etc.)


