[19178] in bugtraq
Re: Some more MySql security issues
daemon@ATHENA.MIT.EDU (Carsten H. Pedersen)
Tue Feb 13 01:11:17 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NDBBIELNELFIOKLKIJMNIENODHAA.carsten.pedersen@bitbybit.dk>
Date: Mon, 12 Feb 2001 22:34:45 +0100
Reply-To: "Carsten H. Pedersen" <carsten.pedersen@BITBYBIT.DK>
From: "Carsten H. Pedersen" <carsten.pedersen@BITBYBIT.DK>
X-To: Konrad Rieck <kr@R0Q.CX>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010211004048.A9515@inf.fu-berlin.de>
> I am a little bit confused about this mail. Maybe the author
> can explain some issues to me...
>
> On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
> > roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a valid
> > username)
>
> You seem to have a strange configuration of mysql. By default only valid
> users are allowed to connect to the database.
Depends what you mean by "valid users" - mysql users or
users with shell accounts on the system running MySQL?
By default, MySQL installs with the database 'test', and
any user logged onto localhost (i.e. users having a shell account
on the system) may connect to MySQL and start manipulating this
and any other database having a name starting with 'test_'.
These users are considered "anonymous" users in MySQL. They do
*not* have to be defined as MySQL users in order to do this.
> So the overflow in "drop database" can only be used by users of mysql.
<cut>
which is anyone with a shell account on the system running MySQL,
unless the administrator has done the only wise thing, namely
dropped the test database and deleted the anonymous user from the
MySQL user definition.
/ Carsten
--
Carsten H. Pedersen
keeper and maintainer of the bitbybit.dk MySQL FAQ
http://www.bitbybit.dk/mysqlfaq
