MySQL Security Alert ⇒ News ⇒ CPG Dragonfly™ CMS

Security MySQL Security Alert

Posted by Robru on (5531 views)
This is a security alert about the UDF Worm that is infecting MySQL servers running on Microsoft Windows with poor firewall and password security
Security Alert 01/27/2005 1. What is the UDF Worm? The UDF Worm is self-propagating code that is finding MySQL servers running on Microsoft Windows with poor firewall and password security. This worm does not exploit any bugs in MySQL. It does exploit poor security setups for firewalls and passwords. This worm is Microsoft Windows specific; it is unlikely to infect any Linux or UNIX compatible environments. 2. What is a User Defined Function (UDF)? A User Defined Function, often referred to as a UDF, is a part of the ANSI SQL-99 specification. This feature allows developers to create custom functions. It is a common feature among the major database products. 3. What does the UDF Worm do? The UDF Worm looks for MySQL servers running on Microsoft Windows that have been exposed to the internet and have either weak or no passwords installed on the account named "root". Once it finds an account it installs a UDF, and then uses that machine to infect other machines. 4. How do I know if my MySQL installation has been infected? Run the following SQL statement: SELECT * FROM mysql.func; If a UDF is found with a name of "app_result" then you have been infected with the worm. You should look at all UDFs and determine whether or not they are legitimate. The worm is likely to mutate over time and will take on different UDF names. 5. How do I disinfect my system? You may be able to remove the worm by running the following SQL statement: DROP FUNCTION app_result; Removing the worm does not secure a compromised machine. For one discussion of how to secure a compromised Microsoft Windows machines, please see this article. To prevent the worm from connecting to your database you should verify that all of your current accounts have passwords and that they are strong passwords (i.e. not easily guess-able). And remember to use firewalls and strong passwords to protect your MySQL Servers. Please consult your security advisors for the best way to protect your systems. 6. How do I protect my MySQL Servers on Microsoft Windows? There are 2 basic steps to protect your MySQL Servers: Always use strong passwords on all accounts. Use firewalls to protect your MySQL Servers. 7. Is this a vulnerability on Microsoft Windows, Linux, or Unix? This worm is Microsoft Windows specific; it is unlikely to infect any Linux or UNIX compatible environments. Learn more about strong passwords and firewall setups for Microsoft Windows here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_tips.mspx http://www.microsoft.com/athome/security/protect/firewall.mspx 8. What is MySQL AB doing about this? We will continue to educate our users about security (strong passwords and firewalls) on Microsoft Windows. 9. What are others in the Open Source and security communities saying about this issue? For more findings on the UDF Worm, see: Handler's Diary (SANS Institute) 10. Where can I report my observations? Please report all security issues to security@mysql.com

Comments

by
on

Well the real problem isn't windows, it's trusting your system without proper authentication setup and lack of a a decent firewall.

As nice as it is to say 'I run linux so I'm better' is nonsense. I run Mysql on a windows box and it's open to the internet, and has never been a victim of abuse to date, and I've seen these worms attempt to get into my network, as I'm sure you've seen them try to enter your networks.

Good password protection ALONE would protect you against this.

So please, as valid as this notice is, the problem is simply not knowing how to set up Mysql properly. Something I see done on linux systems all the time three times more than I see in windows. Why is this? Because idiots think linux is more secure.

Score: 1 |
Reply Anonymous ( Login | Register )
Article Rating
Average Score: 4.4
Votes: 5
★★★★
Please take a second and vote for this article:
News last 5 articles
Dragonfly CMS v10 [ 1 comment - 3717 views ]
SpyHunter opens lawsuit against bleepingcomputer.com [ 0 comments - 2957 views ]
v10 gets Emoji support [ 0 comments - 13021 views ]
Dragonfly CMS 9.3.4.0 released! [ 0 comments - 2424 views ]
DizWebDesign Update [ 0 comments - 2170 views ]

User Info
Dragonfly CMS v10 [ 1 comment - 3717 views ]
SpyHunter opens lawsuit against bleepingcomputer.com [ 0 comments - 2957 views ]
v10 gets Emoji support [ 0 comments - 13021 views ]
Dragonfly CMS 9.3.4.0 released! [ 0 comments - 2424 views ]
DizWebDesign Update [ 0 comments - 2170 views ]

Community
Dragonfly CMS v10 [ 1 comment - 3717 views ]
SpyHunter opens lawsuit against bleepingcomputer.com [ 0 comments - 2957 views ]
v10 gets Emoji support [ 0 comments - 13021 views ]
Dragonfly CMS 9.3.4.0 released! [ 0 comments - 2424 views ]
DizWebDesign Update [ 0 comments - 2170 views ]