2 messages in com.mysql.lists.bugs

Security vulnerability

| From | Sent On | Attachments |
|---|---|---|
| Plesk Support | 01 Oct 2002 04:24 | |
| Sergei Golubchik | 01 Oct 2002 06:48 | |

| Subject: | Security vulnerability |
|---|---|
| From: | Plesk Support (supp...@plesk.com) |
| Date: | 10/01/2002 04:24:27 AM |
| List: | com.mysql.lists.bugs |

SEND-PR: -*- send-pr -*-
SEND-PR: Lines starting with `SEND-PR' will be removed automatically, as
SEND-PR: will all comments (text enclosed in `<' and `>').
SEND-PR:
From: km...@plesk.com
To: mys...@lists.mysql.com
Subject: security vulnerability

Description: Any user in mysql can create as many databases as he wants. Create a user with 1 database, and let him create database with name "my_data_base". Log into mysql console as user and run command:
CREATE DATABASE "my?data?base";
New database will be created and user can create tables and use it as normal database. You can also create "my?data_base", "my_data?base", or try to use *, $, #, a-z, A-Z... and other symbols instead of underlines "_"...
I've just tried to log into MySQL console as usual non-privileged user with N,N,N,N... permissions in "mysql.user" and tried to create some base with other names -- no permissions error. However I COULD create 5 databases with names similar to "my_data_base"... I can operate them (as this user) without problems. Seems like huge hole in our MySQL (or MySQL at all).
How-To-Repeat: <code/input/activities to reproduce the problem (multiple lines)>
Fix: <how to correct or work around the problem, if known (multiple lines)>
Submitter-Id: <submitter ID>
Originator:
Organization:
MySQL support: [none | licence | email support | extended email support ]
Synopsis: <synopsis of the problem (one line)>
Severity: critical
Priority: high
Category: mysql
Class: <[ sw-bug | doc-bug | change-request | support ] (one line)>
Release: mysql-3.23.46 (Source distribution)
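
Added example, not part of the original message or of MySQL's own code: MySQL treats `_` and `%` in the database name of a database-level grant (the `Db` column of `mysql.db`) as wildcards unless they are backslash-escaped, which is consistent with the behaviour reported above if the account's grant was written for `my_data_base` (an assumption; the report does not show the grant). The sketch emulates that matching and flags grant rows with unescaped wildcards; the rows, account names and helper names are constructed for illustration.

```python
import re

# Constructed sample rows shaped like (Host, Db, User) from mysql.db.
ROWS = [
    ("localhost", "my_data_base", "user1"),      # underscores left as wildcards
    ("localhost", "my\\_data\\_base", "user2"),  # underscores escaped (literal)
]

def _tokens(pattern):
    """Yield (position, char, is_wildcard), honouring backslash escapes."""
    i = 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            yield i + 1, pattern[i + 1], False   # escaped char is literal
            i += 2
        else:
            yield i, pattern[i], pattern[i] in "_%"
            i += 1

def grant_matches(pattern, db_name):
    """True if a Db grant pattern covers db_name (_ = one char, % = any run)."""
    rx = "".join(
        ("." if c == "_" else ".*") if wild else re.escape(c)
        for _, c, wild in _tokens(pattern)
    )
    return re.fullmatch(rx, db_name, re.DOTALL) is not None

def unescaped_wildcards(pattern):
    """Positions of _ or % in the pattern that act as wildcards."""
    return [pos for pos, _, wild in _tokens(pattern) if wild]

def escape_db_name(name):
    """Escape a literal database name for use in a database-level GRANT."""
    return re.sub(r"([_%])", r"\\\1", name)

def audit(rows):
    """Return grant rows whose Db value still contains active wildcards."""
    return [(h, db, u, unescaped_wildcards(db))
            for h, db, u in rows if unescaped_wildcards(db)]

if __name__ == "__main__":
    for host, db, user, pos in audit(ROWS):
        print(f"{user}@{host}: Db={db!r} wildcards at {pos}; "
              f"literal form would be {escape_db_name(db)!r}")
    for name in ("my_data_base", "my?data?base", "myXdata_base"):
        print(name, [grant_matches(db, name) for _, db, _ in ROWS])
```

A flagged row is only a finding if the grant was meant for one literal database name; a `%` or `_` placed deliberately to cover a family of databases is working as written.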




