If you…
- Run MySQL
- Have weak root password or no password
- Allow root@% to login
- Have port 3306 open to the outside world
Then you are vulnerable to an attack that allows a remote user to use the MySQL system to put an arbitrary executable onto your box and run it. Currently, there is an exploit for this that drops a Windows DLL onto the box, but a Linux exploit is completely possible with the same technique. Many refer to this as a [[wp:worm]].
The resulting executable may only run with the permissions of the account MySQL runs as, but it could then use a “local exploit” (they exist for both Windows and [[wp:Linux]]) to gain more access than it should have. And of course it can destroy or alter database data, which may lead to other compromises or problems.
You should…
- [[wp:Firewall]] port 3306 from the outside. If you need to remotely access the box, use [[wp:SSH]] to tunnel or a [[wp:VPN]], or add some authentication mechanism to your firewall
- Use a strong password – I linked to some utilities that might help with this in the past
- Lock down the root@ settings
- Take other appropriate steps to lock down MySQL
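One way to check a server for the conditions listed above, as an added example that is not part of the original post. It goes slightly beyond root@% by flagging root on any non-local host; the row layout, the my.cnf fragment, and the function names are constructed for illustration, and an unset bind-address is assumed to mean the server listens on all interfaces.

```python
import configparser

LOCAL = {"localhost", "127.0.0.1", "::1"}

# Constructed sample input: rows shaped like
# SELECT User, Host, <password hash> FROM mysql.user, and a my.cnf fragment.
SAMPLE_USERS = [
    ("root", "localhost", "*PLACEHOLDER_HASH"),
    ("root", "%", ""),                        # root@% with no password
    ("app", "10.0.0.%", "*PLACEHOLDER_HASH"),
]
SAMPLE_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"


def audit_accounts(rows):
    """Flag empty passwords and root accounts reachable from non-local hosts."""
    findings = []
    for user, host, pw_hash in rows:
        if not pw_hash:
            findings.append((user, host, "empty password"))
        if user == "root" and host not in LOCAL:
            findings.append((user, host, "root allowed from non-local host"))
    return findings


def audit_listener(cnf_text):
    """Flag a [mysqld] section that listens on a non-loopback address."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(cnf_text)
    raw = cp.items("mysqld") if cp.has_section("mysqld") else []
    # MySQL accepts option names with '-' or '_'; normalise to '-'.
    opts = {k.replace("_", "-"): v for k, v in raw}
    if "skip-networking" in opts:
        return []                             # TCP listener disabled
    # Assumption: an unset bind-address means "all interfaces".
    bind = opts.get("bind-address") or "all interfaces (unset)"
    if bind in LOCAL:
        return []
    port = opts.get("port") or "3306"
    return [f"mysqld listens on {bind} port {port}: confirm the firewall blocks it"]


if __name__ == "__main__":
    for user, host, issue in audit_accounts(SAMPLE_USERS):
        print(f"{user}@{host}: {issue}")
    for line in audit_listener(SAMPLE_CNF):
        print(line)
```

The listener check only reads the configuration; whether port 3306 is actually reachable from outside still depends on the firewall in front of the box.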
Links…
- Mike Hillyer’s Personal Web Space
- SANS – Internet Storm Center – MySQL Bot
- The expected Slashdot thread blaming Microsoft for the issue in MySQL, even though it would also work against Linux.