Package: mysql-server-5.0
Version: 5.0.38-1
Severity: critical
Tags: security
Justification: root security hole

Hi,

I pressed Enter when it asked for a new password for root (root already had a password). Three rows were inserted into mysql.user:

(0x6c6f63616c686f7374, 0x726f6f74, '', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', '', '', '', '', 0, 0, 0, 0),
(0x632e787769732e6e6574, 0x726f6f74, '', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', '', '', '', '', 0, 0, 0, 0),
(0x3132372e302e302e31, 0x726f6f74, '', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', '', '', '', '', 0, 0, 0, 0);

One for 127.0.0.1, one for localhost and one for 'hostname'.

[EMAIL PROTECTED]:~$ mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[EMAIL PROTECTED]:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
The following packages will be upgraded:
  mysql-server-5.0
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/25.4MB of archives.
After unpacking 287kB of additional disk space will be used.
Do you want to continue [Y/n]?
Preconfiguring packages ...
(Reading database ... 32257 files and directories currently installed.)
Preparing to replace mysql-server-5.0 5.0.36-1 (using .../mysql-server-5.0_5.0.38-1_i386.deb) ...
Stopping MySQL database server: mysqld.
Stopping MySQL database server: mysqld.
Unpacking replacement mysql-server-5.0 ...
Setting up mysql-server-5.0 (5.0.38-1) ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Configuring mysql-server-5.0
----------------------------

It is highly recommended that you set a password for the MySQL administrative "root" user.
If you do not provide a password no changes will be made to the account.

New password for MySQL "root" user:

[EMAIL PROTECTED]:~$ mysql -u root -p
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.0.38-Debian_1-log Debian etch distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages mysql-server-5.0 depends on:
ii  adduser                3.102         Add and remove users and groups
ii  debconf [debconf-2.0]  1.5.13        Debian configuration management sy
ii  libc6                  2.3.6.ds1-13  GNU C Library: Shared libraries
ii  libdbi-perl            1.53-1        Perl5 database interface by Tim Bu
ii  libgcc1                1:4.1.1-21    GCC support library
ii  libmysqlclient15off    5.0.38-1      mysql database client library
ii  libncurses5            5.5-5         Shared libraries for terminal hand
ii  libreadline5           5.2-2         GNU readline and history libraries
ii  libstdc++6             4.1.1-21      The GNU Standard C++ Library v3
ii  libwrap0               7.6.dbs-13    Wietse Venema's TCP wrappers libra
ii  lsb-base               3.1-23.1      Linux Standard Base 3.1 init scrip
ii  mysql-client-5.0       5.0.38-1      mysql database client binaries
ii  mysql-common           5.0.38-1      mysql database common files (e.g.
ii  passwd                 1:4.0.18.1-7  change and administer password and
ii  perl                   5.8.8-7       Larry Wall's Practical Extraction
ii  psmisc                 22.3-1        Utilities that use the proc filesy
ii  zlib1g                 1:1.2.3-13    compression library - runtime

Versions of packages mysql-server-5.0 recommends:
ii  mailx        1:8.1.2-0.20050715cvs-1 A simple mail user agent

-- debconf information:
  mysql-server-5.0/really_downgrade: false
* mysql-server-5.0/need_sarge_compat: false
  mysql-server-5.0/start_on_boot: true
  mysql-server/error_setting_password:
  mysql-server-5.0/mysql_update_hints1:
  mysql-server-5.0/nis_warning:
  mysql-server-5.0/postrm_remove_databases: false
  mysql-server-5.0/need_sarge_compat_done: true
  mysql-server-5.0/no_upgrade_with_isam_tables:
* mysql-server-5.0/mysql_install_db_notes:
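
An added example, not part of the original report or of the Debian package: a check that decodes the hex Host/User literals in a dump of mysql.user rows like the ones quoted above and lists every account whose Password column is empty. The sample input is constructed from the leading columns of the quoted rows plus one made-up account with a placeholder hash; the function names are this example's own.

```python
import re

# Constructed input: the leading columns (Host, User, Password, privilege
# flags) of the three rows quoted in the report, plus one made-up account
# with a placeholder password hash for contrast.
SAMPLE_VALUES = """
(0x6c6f63616c686f7374, 0x726f6f74, '', 'Y', 'Y', 'Y'),
(0x632e787769732e6e6574, 0x726f6f74, '', 'Y', 'Y', 'Y'),
(0x3132372e302e302e31, 0x726f6f74, '', 'Y', 'Y', 'Y'),
(0x6c6f63616c686f7374, 0x617070, '*PLACEHOLDER_HASH', 'Y', 'N', 'N')
"""

ROW = re.compile(r"\(([^()]*)\)")  # assumes no parentheses inside values
FIELD = re.compile(r"0x[0-9a-fA-F]+|'(?:[^'\\]|\\.|'')*'|[^,\s]+")


def decode_field(token):
    """Turn one SQL literal from the dump into a Python string."""
    if token.lower().startswith("0x"):
        return bytes.fromhex(token[2:]).decode("utf-8", errors="replace")
    if token.startswith("'") and token.endswith("'"):
        return token[1:-1].replace("''", "'")  # only doubled quotes unescaped
    return token


def parse_rows(values_sql):
    """Yield (host, user, password, flags) for every tuple in a VALUES list."""
    for match in ROW.finditer(values_sql):
        fields = [decode_field(t) for t in FIELD.findall(match.group(1))]
        if len(fields) < 3:
            continue  # too short to be a mysql.user row
        yield fields[0], fields[1], fields[2], fields[3:]


def passwordless_accounts(values_sql):
    """Return accounts whose Password column is empty, with their 'Y' count."""
    findings = []
    for host, user, password, flags in parse_rows(values_sql):
        if password == "":
            findings.append({"account": f"{user}@{host}",
                             "privileges_granted": flags.count("Y")})
    return findings


if __name__ == "__main__":
    for finding in passwordless_accounts(SAMPLE_VALUES):
        print(finding)
```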