MySQL Design Flaw can be leveraged to steal sensitive information
MySQL has released a security statement providing the following information:
The LOAD DATA
statement can load a file located on the server host, or, if the LOCAL
keyword is specified, on the client host.
There are two potential security issues with the LOCAL
version of LOAD DATA
:
- The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the
LOAD DATA
statement. Such a server could access any file on the client host to which the client user has read access. (A patched server could in fact reply with a file-transfer request to any statement, not justLOAD DATA LOCAL
, so a more fundamental issue is that clients should not connect to untrusted servers.) - In a Web environment where the clients are connecting from a Web server, a user could use
LOAD DATA LOCAL
to read any files that the Web server process has read access to (assuming that a user could run any statement against the SQL server). In this environment, the client with respect to the MySQL server actually is the Web server, not a remote program being run by users who connect to the Web server.
To avoid LOAD DATA
issues, clients should avoid using LOCAL
. To avoid connecting to untrusted servers, clients can establish a secure connection and verify the server identity by connecting using the --ssl-mode=VERIFY_IDENTITY
option and the appropriate CA certificate.
More Details can be found at MySQL
- Automating System Updates with Unattended-Upgrades on Ubuntu
- How to Add a Large Disk Partition as Storage in Proxmox VE
- How to Remove Radmin Viewer with PowerShell
- How to Automate Ubuntu Server System Updates and Package Installation
- Introducing Zevonix: Your Pathway to Smarter IT
Discover more from Patrick Domingues
Subscribe to get the latest posts sent to your email.