Bug 85971 - possible root exploit in mysqld startup
possible root exploit in mysqld startup
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: mysql (Show other bugs)
8.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Patrick Macdonald
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-03-11 12:53 EST by Christopher McCrory
Modified: 2007-03-27 00:01 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-03-25 11:17:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christopher McCrory 2003-03-11 12:53:01 EST
Description of problem:

From bugtraq
http://www.securityfocus.com/archive/1/314391/2003-03-08/2003-03-14/0


Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that logging as the root user, we can change mysqld to run as root
instead that
i.e. mysql but this works only if there's just one my.cnf file and it is locate
in /etc...
Here's how I did it...
<snip>




Version-Release number of selected component (if applicable):

mysql < 3.23.56

How reproducible:
Always

Steps to Reproduce:
1.  see URL for post above
2.
3.
    
Actual results:


Expected results:


Additional info:

Fix:

http://www.securityfocus.com/archive/1/314616/2003-03-08/2003-03-14/0


Sergei Golubchik <serg@mysql.com>
This issue has been adressed in 3.23.56 (release build is started
today), and some steps were taken to alleviate the threat.
<snip>


listed under RH8.0
but also applies to all others
Comment 1 Patrick Macdonald 2003-03-11 13:04:53 EST
Assigning to myself.  We'll have to wait until MySQL.com
releases the 3.23.56 packages.  I may just upgrade to this
release when enabling thread safe clients.
Comment 2 Mark J. Cox (Product Security) 2003-03-19 04:33:11 EST
This is CAN-2003-0150
Comment 3 Patrick Macdonald 2003-03-25 11:17:32 EST
Held this patch back while MySQL 3.23.56 was being spun.  This fix will be
available via the errata system.

Note You need to log in before you can comment on or make changes to this bug.