On Mon, 4 Jun 2001 [EMAIL PROTECTED] wrote:
> >Description:
> User able to (accidentally!!) change/reset their own password despite not having
>*any* access to the mysql database
>
> >How-To-Repeat
> There's the trick. We can't reproduce but this happened twice. However the
>setup of our (very recent) mysql installation is so simple that it's very clear this
>did in fact happen.
> >Fix:
> ???
Hello! I am the MySQL Security Administrator and responsible for "security
stuff". I carefully read through your bugreport and understood
it. Meanwhile like youself I do not know how to reproduce this bug. Next I
will check the code in related places but I don't think that this will be
successful. But on comment I have:
> >Environment:
> Intel PIII, BU Linux (a RedHat 6.2-derived installation)
> System: Linux louis-xiv.bu.edu 2.2.16-3smp #1 SMP Mon Jun 19 19:00:35 EDT 2000 i686
>unknown
All linux kernels below 2.2.19 contain buffer overflow problem which
allows any shell user to get a root. Maybe someone is already in your
system and MySQL problem appeared because he makes backdoors for himself?
Tonu
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php