MySQL Forums
Forum List  »  Quality Assurance

Normal user got root privileges and full access to all databases
Posted by: Damon Bonesi
Date: April 20, 2011 04:09PM

Hallo,
I'm a bit confused where to post this bug: an user with only one database on my system, configured only for usage, , used this GRANT command (that it didn0t had the permission for):

GRANT USAGE ON *.* TO 'root'@'localhost' IDENTIFIED BY 'xxxxx' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;

and instead giving back an "Access Denied" error, my root account effectively changed password with 'xxxxx' and the user got all privileges (and I wasn't able to log in as root with my normal password).

I tried with other users with the same privileges as root but I can't reproduce it (ig gives me back correctly "Access Denied".

Some advice will be really appreciated!
damon

(MySQL 5.0.51a on Ubuntu 8.04, phpMyAdmin 3.3.7 and php mysql extension)

Options: ReplyQuote


Subject
Views
Written By
Posted
Normal user got root privileges and full access to all databases
1972
April 20, 2011 04:09PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.