ID: 15375
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Closed
Bug Type: MySQL related
Operating System: All
PHP Version: 4.1.1
Assigned To: zak
New Comment:
A fix for this behavior should appear within the next few
releases of the MySQL 4.0.x series.
I will update this bug when the fix is implemented.
Previous Comments:
------------------------------------------------------------------------
[2002-02-05 12:24:48] [EMAIL PROTECTED]
I generally agree on Rasmus' feedback on the issue, so I'll leave it
closed. However, since this naturally works with remote mysql-servers,
setting up a server where you have the create-permission isn't really
much of a hassle.
------------------------------------------------------------------------
[2002-02-05 10:15:39] [EMAIL PROTECTED]
It works even if you are connecting to a remote mysql server over tcp/ip,
so I don't think this is only a mysql-related issue.
------------------------------------------------------------------------
[2002-02-05 09:53:36] [EMAIL PROTECTED]
Verified that the exploit allows any file readable by the
MySQL server to be viewed via this technique. Note that
forbidding the MySQL user CREATE permission does make the
exploit less convenient for the attacker.
The MySQL dev team is looking at ways to reduce this risk
via MySQL permission behavior in the server.
Given Rasmus' feedback on the issue, I am closing this as
a PHP bug. Hopefully, the MySQL dev team should be able
to eliminate or reduce this risk. If we can't completely
resolve it, I will re-examine this bug.
--zak@[mysql|php].com
------------------------------------------------------------------------
[2002-02-05 06:22:51] [EMAIL PROTECTED]
Humility is a dish best served lukewarm... I should have read more
carefully. :)
While Rasmus has spoken on this issue, I will take a closer look at
it tomorrow.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/15375