Bug 85971 - possible root exploit in mysqld startup
possible root exploit in mysqld startup
Product: Red Hat Linux
Classification: Retired
Component: mysql (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Patrick Macdonald
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2003-03-11 12:53 EST by Christopher McCrory
Modified: 2007-03-27 00:01 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-03-25 11:17:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:093 high SHIPPED_LIVE : Updated MySQL packages fix vulnerabilities 2003-04-29 00:00:00 EDT
Red Hat Product Errata RHSA-2003:094 normal SHIPPED_LIVE Important: mysql security update 2003-04-28 00:00:00 EDT

  None (edit)
Description Christopher McCrory 2003-03-11 12:53:01 EST
Description of problem:

From bugtraq

Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that logging as the root user, we can change mysqld to run as root
instead that
i.e. mysql but this works only if there's just one my.cnf file and it is locate
in /etc...
Here's how I did it...

Version-Release number of selected component (if applicable):

mysql < 3.23.56

How reproducible:

Steps to Reproduce:
1.  see URL for post above
Actual results:

Expected results:

Additional info:



Sergei Golubchik <serg@mysql.com>
This issue has been adressed in 3.23.56 (release build is started
today), and some steps were taken to alleviate the threat.

listed under RH8.0
but also applies to all others
Comment 1 Patrick Macdonald 2003-03-11 13:04:53 EST
Assigning to myself.  We'll have to wait until MySQL.com
releases the 3.23.56 packages.  I may just upgrade to this
release when enabling thread safe clients.
Comment 2 Mark J. Cox 2003-03-19 04:33:11 EST
This is CAN-2003-0150
Comment 3 Patrick Macdonald 2003-03-25 11:17:32 EST
Held this patch back while MySQL 3.23.56 was being spun.  This fix will be
available via the errata system.

Note You need to log in before you can comment on or make changes to this bug.