[9684] in bugtraq
Re: mSQL vulnerability.
daemon@ATHENA.MIT.EDU (David J. Hughes)
Fri Feb 19 21:48:24 1999
Date: Fri, 19 Feb 1999 13:58:53 +1000
Reply-To: "David J. Hughes" <bambi@HUGHES.COM.AU>
From: "David J. Hughes" <bambi@HUGHES.COM.AU>
To: BUGTRAQ@NETSPACE.ORG
On Wed, 17 Feb 1999, Christofer C. Bell wrote:
> I'd like to point out that mSQL by default (all versions) DO NOT have
> hosts based access control enabled. Note that when you start the msql2d
> process for the first time, you see this message:
This is _not_ correct.
By default, mSQL is configured to run with Remote_Access disabled (via the
msql.conf file or the internal default config settings). This implies
that, by default, the mSQL server will not even create a TCP socket. Host
based access control is only used if you modify the configuration and
explicitly enable remote access to the server.
The Remote_Access config option was added in the 2.0.4 release of mSQL
back in May 1988.
Bambi
...
/ / / David J. Hughes Bambi@Hughes.com.au
/___/ ___ /__ ___ ___ Managing Director Hughes Technologies
/ / / / / / / / /__/ /__ Fax:+61 7 3302 2199 http://Hughes.com.au
/ / /__/ /__/ / / /__ ___/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/
__/
