command injections in mysqld_multi
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-5.1 (Ubuntu) | Expired | Wishlist | Unassigned | | |
Bug Description
Binary package hint: mysql-server-5.1
/usr/bin/
test case :
emanuel@
1 ) report option :
emanuel@
mysqld_multi log file version 2.16; run: Fri May 13 19:41:26 2011
Reporting MySQL servers
/usr/bin/
error: 'Access denied for user 'User'@'localhost' (using password: NO)'
$
2 ) start option :
emanuel@
SystemInj
$
3 ) stop option
emanuel@
mysqld_multi log file version 2.16; run: Fri May 13 19:42:59 2011
Stopping MySQL servers
/usr/bin/
error: 'Access denied for user 'User'@'localhost' (using password: NO)'
$
the bug can be found at :
1 ) sub report_mysqlds
$com= get_mysqladmin_
$com.= " ping >> /dev/null 2>&1";
system($com);
2 ) sub start_mysqlds()
$com.= $tmp;
$com.= " >> $opt_log 2>&1" if (!$opt_no_log);
$com.= " &";
system($com);
3 ) sub stop_mysqlds()
$com= get_mysqladmin_
$com.= " shutdown";
$com.= " >> $opt_log 2>&1" if (!$opt_no_log);
$com.= " &";
system($com);
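Added example, not part of the original report and not the project's code: the single-string `system($com)` pattern quoted above, next to a list-form call that never reaches a shell. `echo` stands in for `mysqladmin`; the option value, the helper names `run_via_shell` and `run_no_shell`, and the temporary log file are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

$| = 1;  # keep parent and child output in order

# Constructed option value carrying a shell metacharacter.
my $user = 'User; echo SystemInj';

# Pattern from the report: build one string, let system() pass it to /bin/sh.
# 'echo' stands in for mysqladmin so the script runs without a MySQL install.
sub run_via_shell {
    my ($user) = @_;
    my $com = "echo mysqladmin -u $user";
    $com .= " ping";
    return system($com);
}

# Hardened form (hypothetical helper): argv list, no shell. The
# ">> $opt_log 2>&1" redirection is done with open() in the child.
sub run_no_shell {
    my ($log, @argv) = @_;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        open(STDOUT, '>>', $log)     or die "open $log: $!";
        open(STDERR, '>&', \*STDOUT) or die "dup stdout: $!";
        exec { $argv[0] } @argv      or die "exec $argv[0]: $!";
    }
    # report/stop style: wait for the child. A 'start' caller would return
    # here without waiting, which replaces the trailing " &".
    waitpid($pid, 0);
    return $? >> 8;
}

print "string form, shell splits on ';':\n";
run_via_shell($user);

my ($fh, $log) = tempfile(UNLINK => 1);
close $fh;
run_no_shell($log, 'echo', 'mysqladmin', '-u', $user, 'ping');
print "list form, value stays one argument:\n";
open(my $in, '<', $log) or die "open $log: $!";
print while <$in>;
close $in;
```

The string form prints two lines because the shell runs `echo SystemInj ping` as a second command; the list form logs a single line in which the whole option value is one argument.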
Changed in mysql-5.1 (Ubuntu):
importance: Undecided → High
tags: added: security
security vulnerability: no → yes
tags: added: server
While this should get fixed, I don't really see a security issue here, unless an attacker can somehow control the parameters that mysqld_multi uses without them getting specified by the user on the command line.