Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 85971 - possible root exploit in mysqld startup
Summary: possible root exploit in mysqld startup
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mysql
Version: 8.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Patrick Macdonald
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-03-11 17:53 UTC by Christopher McCrory
Modified: 2007-03-27 04:01 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-03-25 16:17:32 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:093 high SHIPPED_LIVE : Updated MySQL packages fix vulnerabilities 2003-04-29 04:00:00 UTC
Red Hat Product Errata RHSA-2003:094 normal SHIPPED_LIVE Important: mysql security update 2003-04-28 04:00:00 UTC

Description Christopher McCrory 2003-03-11 17:53:01 UTC
Description of problem:

From bugtraq
http://www.securityfocus.com/archive/1/314391/2003-03-08/2003-03-14/0


Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that logging as the root user, we can change mysqld to run as root
instead that
i.e. mysql but this works only if there's just one my.cnf file and it is locate
in /etc...
Here's how I did it...
<snip>




Version-Release number of selected component (if applicable):

mysql < 3.23.56

How reproducible:
Always

Steps to Reproduce:
1.  see URL for post above
2.
3.
    
Actual results:


Expected results:


Additional info:

Fix:

http://www.securityfocus.com/archive/1/314616/2003-03-08/2003-03-14/0


Sergei Golubchik <serg@mysql.com>
This issue has been adressed in 3.23.56 (release build is started
today), and some steps were taken to alleviate the threat.
<snip>


listed under RH8.0
but also applies to all others

Comment 1 Patrick Macdonald 2003-03-11 18:04:53 UTC
Assigning to myself.  We'll have to wait until MySQL.com
releases the 3.23.56 packages.  I may just upgrade to this
release when enabling thread safe clients.

Comment 2 Mark J. Cox 2003-03-19 09:33:11 UTC
This is CAN-2003-0150

Comment 3 Patrick Macdonald 2003-03-25 16:17:32 UTC
Held this patch back while MySQL 3.23.56 was being spun.  This fix will be
available via the errata system.


Note You need to log in before you can comment on or make changes to this bug.