Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

[dev.icinga.com #2994] create_mysqldb.sh allows access to all dbs and ignores mysql password #1080

Closed
icinga-migration opened this Issue Aug 20, 2012 · 8 comments

Comments

Projects
None yet
1 participant
Member

icinga-migration commented Aug 20, 2012

This issue has been migrated from Redmine: https://dev.icinga.com/issues/2994

Created by theh on 2012-08-20 08:11:53 +00:00

Assignee: mfriedrich
Status: Resolved (closed on 2012-08-20 14:50:31 +00:00)
Target Version: 1.7.2
Last Update: 2014-12-08 14:46:48 +00:00 (in Redmine)

Icinga Version: 1.10.0
OS Version: any

The create_mysqldb.sh allows by default access to all dbs. This is a security issue.

It also doesn't check the provided mysql password correctly.

Patches to fix both issues are attached.

Attachments

Changesets

2012-08-20 12:51:49 +00:00 by mfriedrich cdcd9eb

idoutils: fix ignoring mysql password in create_mysqldb.sh #2994

thx Tim Hardeck
fixes #2994

2012-08-20 13:33:30 +00:00 by mfriedrich 16da437

idoutils: fix ignoring mysql password in create_mysqldb.sh #2994

thx Tim Hardeck
fixes #2994

Conflicts:

	Changelog

Relations:

Member

icinga-migration commented Aug 20, 2012

Updated by theh on 2012-08-20 08:12:45 +00:00

  • File added icinga-fix-fsf-address.patch
Member

icinga-migration commented Aug 20, 2012

Updated by theh on 2012-08-20 08:13:20 +00:00

  • File added icinga-fix-create_mysqldb.patch

Uploaded the wrong file, sorry.

Member

icinga-migration commented Aug 20, 2012

Updated by theh on 2012-08-20 08:13:44 +00:00

  • File added icinga-fix2-create_mysqldb.patch
Member

icinga-migration commented Aug 20, 2012

Updated by theh on 2012-08-20 08:13:50 +00:00

  • File deleted icinga-fix-fsf-address.patch
Member

icinga-migration commented Aug 20, 2012

Updated by mfriedrich on 2012-08-20 08:15:07 +00:00

  • Project changed from Icinga 1.x to 18
Member

icinga-migration commented Aug 20, 2012

Updated by mfriedrich on 2012-08-20 08:22:41 +00:00

  • Category set to 105
  • Status changed from New to Assigned
  • Assigned to set to mfriedrich
  • Priority changed from Normal to Low
  • Target Version set to 1.7.2
  • (unknown custom field) set to 1
  • (unknown custom field) set to MySQL
  • (unknown custom field) set to 1

the security issue was already fixed in #2917 and is already in git r1.7 scheduled for 1.7.2 release.

the other thingy looks valid, will push to git soon.

Member

icinga-migration commented Aug 20, 2012

Updated by mfriedrich on 2012-08-20 14:50:31 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset 16da437.

Member

icinga-migration commented Dec 8, 2014

Updated by mfriedrich on 2014-12-08 14:46:48 +00:00

  • Project changed from 18 to Core, Classic UI, IDOUtils
  • Category changed from 105 to IDOUtils
  • Icinga Version changed from 1 to 1
  • OS Version set to any

@icinga-migration icinga-migration added this to the 1.7.2 milestone Jan 17, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment