I am getting the report quoted at the bottom of this message from nessus 
1.2.3 when scanning my target system and would like to clarify a couple 
of points.

1) If I telnet the same host I get the response:

  telnet ns1 3306
Trying 207.70.162.2...
Connected to ns1.
Escape character is '^]'.
GHost '207.70.162.210' is not allowed to connect to this MySQL 
serverConnection closed by foreign host.

This seems to indicate to me that the server is not allowing remote 
connections, so why the vulnerability?

2) The part of the message that reads:

'mysql -u root password <newpassword>'

I think should read:

'mysqladmin -u root password <newpassword>'

as there does not appear to be a 'password' command for 'mysql'


 . Vulnerability found on port mysql (3306/tcp) :


    Your MySQL database is not password protected.

    Anyone can connect to it and do whatever he wants to your data
    (deleting a database, adding bogus entries, ...)
    We could collect the list of databases installed on the remote host :

    . 0

    Solution : Log into this host, and set a password for the root user
    through the command 'mysql -u root password <newpassword>'
    Read the MySQL manual (available on www.mysql.com) for details.
    In addition to this, it is not recommanded that you let your MySQL
    daemon listen to request from anywhere in the world. You should filter
    incoming connections to this port.
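
An added example, not part of the original message or of Nessus: a parser for the first packet a MySQL server sends after the TCP connect, which tells a host-level refusal like the telnet output above apart from a normal handshake greeting. The error code 1130, the greeting bytes and the names `classify_first_packet`, `packet`, `REFUSED` and `GREETING` are assumptions made for the example; the packets are constructed, only the message text comes from the session above.

```python
import struct

def classify_first_packet(data: bytes) -> dict:
    """Classify the first server packet seen on 3306/tcp."""
    if len(data) < 5:
        return {"kind": "truncated"}
    # Header: 3-byte little-endian payload length, then 1-byte sequence id.
    length = int.from_bytes(data[0:3], "little")
    payload = data[4:4 + length]
    if length == 0 or len(payload) < length:
        return {"kind": "truncated"}
    first = payload[0]
    if first == 0xFF:
        # ERR packet: 0xFF marker, 2-byte little-endian code, message text.
        if len(payload) < 3:
            return {"kind": "truncated"}
        (code,) = struct.unpack_from("<H", payload, 1)
        return {"kind": "refused", "code": code,
                "message": payload[3:].decode("latin-1")}
    # Otherwise a greeting: protocol byte, NUL-terminated server version.
    end = payload.find(b"\x00", 1)
    if end == -1:
        end = len(payload)
    return {"kind": "handshake", "protocol": first,
            "server_version": payload[1:end].decode("latin-1")}

def packet(payload: bytes, seq: int = 0) -> bytes:
    """Wrap a payload in the 4-byte packet header (used for the samples)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed samples. The message text is the one telnet printed; the
# error code 1130 is an assumed value, not visible in the session.
MSG = b"Host '207.70.162.210' is not allowed to connect to this MySQL server"
REFUSED = packet(b"\xff" + struct.pack("<H", 1130) + MSG)
# The payload is 71 bytes, so the first header byte is 0x47, printed as "G".
GREETING = packet(b"\x0a" + b"0.0.0-constructed\x00" + b"\x01\x00\x00\x00")

if __name__ == "__main__":
    for name, raw in (("refused", REFUSED), ("greeting", GREETING)):
        print(name, classify_first_packet(raw))
```

A "refused" result only describes how the server treated the address the connection came from; a scan run from a different host can still receive the greeting.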

