{"id":2405,"date":"2005-01-27T14:37:15","date_gmt":"2005-01-27T14:37:15","guid":{"rendered":"http:\/\/www.soulhuntre.com\/items\/date\/2005\/01\/27\/mysql-vulnerability\/"},"modified":"2005-01-27T14:37:15","modified_gmt":"2005-01-27T14:37:15","slug":"mysql-vulnerability","status":"publish","type":"post","link":"http:\/\/legacyiamsenseiken.local\/2005\/01\/27\/mysql-vulnerability\/","title":{"rendered":"MySQL vulnerability&#8230;"},"content":{"rendered":"<p><strong>If you&#8230;<\/strong><\/p>\n<ul>\n<li>Run <a href=\"http:\/\/www.mysql.com\/\">MySQL<\/a><\/li>\n<li>Have weak root password or no password<\/li>\n<li>Allow <a href=\"mailto:root@%\">root@%<\/a> to login<\/li>\n<li>Have port 3306 open to the outside world<\/li>\n<\/ul>\n<p>Then you are vulnerable to an attack that allows a remote user to use the MySQL system to put an arbitrary executable onto your box and run it. Currently, there is an exploit for this that drops a <a href=\"http:\/\/www.microsoft.com\/windows\/\">Windows<\/a> DLL on, but a Linux exploit is completely possible with the technique.This is known as a [[wp:worm]] by many. <\/p>\n<p>The resulting executable may only run with the permissions of the account MySQL runs as, but it coudl then use a &#8220;local exploit&#8221; &#8211; and they exist for both Windows and [[wp:Linux]] &#8211; to achieve better access than it should have and of course it&nbsp;can destroy or alter database data wich may lead to other compromises or problems.<\/p>\n<p><strong>You should&#8230;<\/strong><\/p>\n<ul>\n<li>[[wp:Firewall]] port 3306 from the outside. If you need to remote access the box, use [[wp:SSH]] to tunnel or [[wp:VPN]] or add some authentication mechanism to your firewall<\/li>\n<li>Use a strong password &#8211; I <a href=\"\/core_dump\/archives\/001308.ascx\">linked to some utilities<\/a> that might help with this in the past<\/li>\n<li><a href=\"http:\/\/dev.mysql.com\/doc\/mysql\/en\/default-privileges.html\">Lock down<\/a> the root@ settings<\/li>\n<li>Take <a href=\"http:\/\/dev.mysql.com\/doc\/mysql\/en\/security-against-attack.html\">other appropriate steps<\/a> to lock down MySQL<\/li>\n<\/ul>\n<p><strong>Links&#8230;<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.openwin.org\/mike\/index.php\/archives\/200%205\/01\/batten-the-hatches-mysql-targeting-bot-on-the%20-loose\/\">Mike Hillyer&#8217;s Personal Web Space<\/a><\/li>\n<li><a href=\"http:\/\/isc.sans.org\/diary.php?isc=a508f4a185755af19ea8bd45444a570b\">SANS &#8211; Internet Storm Center &#8211; MySQL Bot<\/a><\/li>\n<li>The <a href=\"http:\/\/it.slashdot.org\/article.pl?sid=05\/01\/27\/1546222&amp;tid=220&amp;tid=172&amp;tid=95\">expected Slasdot thread blaming Microsoft<\/a> for the issue&nbsp;in MySQL, even though ti woudl also work against Linux.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8230; Run MySQL Have weak root password or no password Allow root@% to login Have port 3306 open to the outside world Then you are vulnerable to an attack that allows a remote user to use the MySQL system to put an arbitrary executable onto your box and run it. Currently, there is an [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":56266,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"aside","meta":{"footnotes":""},"categories":[278],"tags":[],"_links":{"self":[{"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/posts\/2405"}],"collection":[{"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/comments?post=2405"}],"version-history":[{"count":0,"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/posts\/2405\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/media\/56266"}],"wp:attachment":[{"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/media?parent=2405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/categories?post=2405"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/legacyiamsenseiken.local\/wp-json\/wp\/v2\/tags?post=2405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}