Description:
Any user in mysql can create as many databases as he wants.
Create a user with 1 database, and let him create a database with the name
"my_data_base". Log into the mysql console as that user and run the command:
CREATE DATABASE "my?data?base";
A new database will be created and the user can create tables and use it as a normal
database. You can also create "my?data_base", "my_data?base", or try
to use *, $, #, a-z, A-Z... and other symbols instead of the underscores "_"...
I've just tried to log into the MySQL console as a usual non-privileged user with
N,N,N,N... permissions in "mysql.user" and tried to create some base with
other names -- no permissions error. However I COULD create 5 databases
with names similar to "my_data_base"... I can operate them (as this user) without
problems. Seems like a huge hole in our MySQL (or MySQL at all).
>How-To-Repeat:
>Fix:
>Submitter-Id: <submitter ID>
>Originator:
Organization: Plesk Inc,
>
>MySQL support: [none | licence | email support | extended email support ]
Synopsis: Any user in mysql can create as many databases as he wants.
Severity: critical
Priority: high
Category: mysql
>Class:
Release: mysql-3.23.46 (Source distribution)
>Environment:
System: Linux abe.plesk.ru 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
Architecture: i686
Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)
Compilation info: CC='gcc' CFLAGS='-O2 -march=i386 -mcpu=i586 -fPIC' CXX='c++'
CXXFLAGS=' -O2 -march=i386 -mcpu=i586 -fPIC' LDFLAGS=''
LIBC:
lrwxrwxrwx 1 root root 13 ��� 18 21:36 /lib/libc.so.6 -> libc-2.2.4.so
-rwxr-xr-x 1 root root 1282588 ��� 5 2001 /lib/libc-2.2.4.so
-rw-r--r-- 1 root root 27304836 ��� 5 2001 /usr/lib/libc.a
-rw-r--r-- 1 root root 178 ��� 5 2001 /usr/lib/libc.so
lrwxrwxrwx 1 root root 10 ��� 23 23:58 /usr/lib/libc-client.a ->
c-client.a
Configure command: ./configure --without-x --disable-assembler --disable-shared
--enable-large-files --without-perl --without-debug --without-bench --without-docs
--with-readline --with-mysqld-user=mysql --with-low-memory
--prefix=/usr/local/psa/mysql --with-named-curses-libs=/usr/lib/libncurses.a
--with-named-z-libs=/usr/lib/libz.a
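The behaviour reported above is consistent with MySQL's documented handling of database-level grants, where an unescaped `_` in the database name matches any single character and `%` matches any run of characters. The following is an added example, not part of the original report or of MySQL's code: it models that matching and audits grant patterns for unescaped wildcards. The function names and the sample grant list are constructed for illustration, and matching is simplified to be case-sensitive.

```python
import re

def db_pattern_to_regex(pattern):
    """Translate a database-level grant pattern into a regex:
    `_` = any one character, `%` = any run, backslash escapes the next char."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped char is literal
            i += 2
            continue
        out.append("." if ch == "_" else ".*" if ch == "%" else re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def grant_covers(pattern, db_name):
    """True if a grant stored with this pattern applies to db_name."""
    return db_pattern_to_regex(pattern).fullmatch(db_name) is not None

def escape_db_name(db_name):
    """Grant pattern that matches only this literal database name."""
    return re.sub(r"([_%])", r"\\\1", db_name)

def has_unescaped_wildcard(pattern):
    # Drop backslash-escaped pairs, then look for a remaining wildcard.
    return re.search(r"[_%]", re.sub(r"\\.", "", pattern, flags=re.DOTALL)) is not None

def audit(grants):
    """grants: iterable of (user, db_pattern) pairs.
    Returns (user, pattern, literal_only_pattern) for each pattern that
    still contains an unescaped wildcard and so covers more than one name."""
    findings = []
    for user, pattern in grants:
        if has_unescaped_wildcard(pattern):
            literal = re.sub(r"\\(.)", r"\1", pattern)  # name probably intended
            findings.append((user, pattern, escape_db_name(literal)))
    return findings

# Constructed sample data: one grant as in the report, one escaped.
SAMPLE_GRANTS = [("user1", "my_data_base"), ("user2", "my\\_data\\_base")]

if __name__ == "__main__":
    for name in ("my_data_base", "my?data?base", "my?data_base", "other"):
        print(name, [grant_covers(p, name) for _, p in SAMPLE_GRANTS])
    for finding in audit(SAMPLE_GRANTS):
        print("review:", finding)
```

A flagged `%` pattern may be an intentional wildcard grant, so audit findings need review before the pattern is rewritten.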