|
|
MySQL GRANT Global Password Changing Vulnerability
Solution: MySQL 3.22.30 has been released and is not vulnerable to this problem. Sasha Pachev <sasha@mysql.com> sent us the following patch on January 12, 1999: -----------start----------------------- *** /my/monty/master/mysql-3.23.8-alpha/sql/sql_parse.cc Fri Dec 31 13:53:03 1999 --- ./sql_parse.cc Mon Jan 10 21:53:59 2000 *************** *** 1222,1227 **** --- 1222,1246 ---- tables ? &tables->grant.privilege : 0, tables ? 0 : 1)) goto error; + + /* Check that the user isn't trying to change a password for another + user if he doesn't have UPDATE privilege to the MySQL database */ + + List_iterator <LEX_USER> user_list(lex->users_list); + LEX_USER *user; + while ((user=user_list++)) + { + if (user->password.str && + (strcmp(thd->user,user->user.str) || + user->host.str && my_strcasecmp(user->host.str, + thd->host ? thd->host : thd->ip))) + { + if (check_access(thd, UPDATE_ACL, "mysql",0,1)) + goto error; + break; // We are allowed to do changes + } + } + if (tables) { if (grant_option && check_grant(thd, ----------------end------------------- |
|
Privacy Statement |