Re: [Full-Disclosure] Mysql 3.23.x/4.0.x Remote Root Exploit

From: Andreas Gietl (a.gietl_at_e-admin.de)
Date: 09/14/03

    To: Elv1S <elvi52001@yahoo.com>, full-disclosure@lists.netsys.com
    Date: Sun, 14 Sep 2003 15:14:31 +0200
    
    

    On Sunday 14 September 2003 14:59, Elv1S wrote:
    > no comment ...
    >
    > http://www.k-otik.com/exploits/09.14.mysql.c.php

    This is NO ROOT exploit.

    To exploit the vuln you need the mysql-root, and remote access for the
    mysql-root-user must be allowed!

    After the exploit has worked you don't have root access, but access as the
    user mysqld is running as.

    >
    > don't know if this vuln is patched ?

    Vuln is patched in 4.0.15


    -- 
    e-admin internet gmbh
    Andreas Gietl                                            tel +49 941 3810884
    Ludwig-Thoma-Strasse 35                      fax +49 (0)1805/39160 - 29104
    93051 Regensburg                                  mobil +49 171 6070008
    PGP/GPG key at http://www.e-admin.de/gpg.html
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
