Re: mSQL vulnerability.

From: David J. Hughes (bambiat_private)
Date: Thu Feb 18 1999 - 19:58:53 PST

Next message: William Deich: "Re: BUGTRAQ Digest - 17 Feb 1999 to 18 Feb 1999 (#1999-45)"

Previous message: Fabio Bastiglia Oliva: "Re: Pingflood attack against Windows98"
Maybe in reply to: Christofer C. Bell: "mSQL vulnerability."
Next in thread: John W. Temples: "Re: mSQL vulnerability."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 17 Feb 1999, Christofer C. Bell wrote:

> I'd like to point out that mSQL by default (all versions) DO NOT have
> hosts based access control enabled.  Note that when you start the msql2d
> process for the first time, you see this message:

This is _not_ correct.

By default, mSQL is configured to run with Remote_Access disabled (via the
msql.conf file or the internal default config settings).  This implies
that, by default, the mSQL server will not even create a TCP socket.  Host
based access control is only used if you modify the configuration and
explicitly enable remote access to the server.

The Remote_Access config option was added in the 2.0.4 release of mSQL
back in May 1988.

Bambi
...

   /   /            /             David J. Hughes      Bambiat_private
  /___/       ___  /__  ___  ___  Managing Director    Hughes Technologies
 /   / /  /  /  / /  / /__/ /__   Fax:+61 7 3302 2199  http://Hughes.com.au
/   / /__/  /__/ /  / /__  ___/   _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/
            __/

Next message: William Deich: "Re: BUGTRAQ Digest - 17 Feb 1999 to 18 Feb 1999 (#1999-45)"
Previous message: Fabio Bastiglia Oliva: "Re: Pingflood attack against Windows98"
Maybe in reply to: Christofer C. Bell: "mSQL vulnerability."
Next in thread: John W. Temples: "Re: mSQL vulnerability."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:52 PDT