MySQL Stupid Easy Exploit

[pfyon]

It's a good time to point out to new server admins that you should restrict access to your server to a limited set of IPs. For many servers, this means localhost only. If you go and open up port 3306 and tell mysql to listen on a public interface, you open up your server to an exploit like this.

The default ubuntu install has mysql listen on localhost only (probably debian too). I'm not sure about windows.

[Hateborne]

Quote:

Originally Posted by pfyon

It's a good time to point out to new server admins that you should restrict access to your server to a limited set of IPs. For many servers, this means localhost only. If you go and open up port 3306 and tell mysql to listen on a public interface, you open up your server to an exploit like this.

The default ubuntu install has mysql listen on localhost only (probably debian too). I'm not sure about windows.

This brings up a good point. If the MySQL access is restricted to localhost (127.0.0.1) only, this exploit (and others) can only be run if the baddy has access to the machine physically (or has broken in through another exploit/vulnerability).

-Hate