Skip to content
This repository has been archived by the owner. It is now read-only.

[dev.icinga.com #2994] create_mysqldb.sh allows access to all dbs and ignores mysql password #1080

Closed
icinga-migration opened this issue Aug 20, 2012 · 8 comments

Comments

Projects
None yet
1 participant
@icinga-migration
Copy link
Member

commented Aug 20, 2012

This issue has been migrated from Redmine: https://dev.icinga.com/issues/2994

Created by theh on 2012-08-20 08:11:53 +00:00

Assignee: mfriedrich
Status: Resolved (closed on 2012-08-20 14:50:31 +00:00)
Target Version: 1.7.2
Last Update: 2014-12-08 14:46:48 +00:00 (in Redmine)

Icinga Version: 1.10.0
OS Version: any

The create_mysqldb.sh allows by default access to all dbs. This is a security issue.

It also doesn't check the provided mysql password correctly.

Patches to fix both issues are attached.

Attachments

Changesets

2012-08-20 12:51:49 +00:00 by mfriedrich cdcd9eb

idoutils: fix ignoring mysql password in create_mysqldb.sh #2994

thx Tim Hardeck
fixes #2994

2012-08-20 13:33:30 +00:00 by mfriedrich 16da437

idoutils: fix ignoring mysql password in create_mysqldb.sh #2994

thx Tim Hardeck
fixes #2994

Conflicts:

	Changelog

Relations:

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2012

Updated by theh on 2012-08-20 08:12:45 +00:00

  • File added icinga-fix-fsf-address.patch
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2012

Updated by theh on 2012-08-20 08:13:20 +00:00

  • File added icinga-fix-create_mysqldb.patch

Uploaded the wrong file, sorry.

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2012

Updated by theh on 2012-08-20 08:13:44 +00:00

  • File added icinga-fix2-create_mysqldb.patch
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2012

Updated by theh on 2012-08-20 08:13:50 +00:00

  • File deleted icinga-fix-fsf-address.patch
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2012

Updated by mfriedrich on 2012-08-20 08:15:07 +00:00

  • Project changed from Icinga 1.x to 18
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2012

Updated by mfriedrich on 2012-08-20 08:22:41 +00:00

  • Category set to 105
  • Status changed from New to Assigned
  • Assigned to set to mfriedrich
  • Priority changed from Normal to Low
  • Target Version set to 1.7.2
  • (unknown custom field) set to 1
  • (unknown custom field) set to MySQL
  • (unknown custom field) set to 1

the security issue was already fixed in #2917 and is already in git r1.7 scheduled for 1.7.2 release.

the other thingy looks valid, will push to git soon.

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2012

Updated by mfriedrich on 2012-08-20 14:50:31 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset 16da437.

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Dec 8, 2014

Updated by mfriedrich on 2014-12-08 14:46:48 +00:00

  • Project changed from 18 to Core, Classic UI, IDOUtils
  • Category changed from 105 to IDOUtils
  • Icinga Version changed from 1 to 1
  • OS Version set to any

@icinga-migration icinga-migration added this to the 1.7.2 milestone Jan 17, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.