View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004129 | Kali Linux | Kali Package Bug | public | 2017-08-02 18:31 | 2017-09-08 10:20 |
Reporter | muts | Assigned To | rhertzog | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | no change required | ||
Product Version | 2017.1 | ||||
Summary | 0004129: Mysql sever contains a root mysql user authorized from aphrodite.kali.org | ||||
Description | The Mysql sever in the Kali ISO (and consequently in HD installs) contains a root mysql user authorized from aphrodite.kali.org. | ||||
Additional Information | aphrodite.kali.org is the machine where we build our i386/amd64 ISOs. It might be that the mysql package is setting this itself on installation... there is a debconf prompt for the root password and its default value is an empty string. While it probably should be set to root@localhost, it might to be taking the build server hostname instead. The mysql server is not enabled by default. When enabled, listens on the loopback device unless the mysql configuration file is explicitly set to listen on the external interface. | ||||
Unable to replicate on a fully updated kali-rolling instance, or an azure instance. MariaDB [(none)]> select user,host from mysql.user; MariaDB [(none)]> What additional info can you provide? Kali version, architecture, etc, would help a lot. |
|
Unable to replicate on Kali 2017.1. |
|
I was able to reproduce it on deployment from vm or iso downloaded before June 2017 of Kali 2017.1 but up-to-date. |
|
Is there any need to investigate this further since our latest release seems to be no longer be affected by the issue? |
|
I don't think that any fix is needed. The problem does not affect fresh install. It only affected an old version of mysql-server and we use mariadb currently. The impact is very limited and only affect mysql instances listening on a public IP address (which is not a good idea from the start). So I'm closing this ticket. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2017-08-02 18:31 | muts | New Issue | |
2017-08-02 18:31 | muts | Status | new => assigned |
2017-08-02 18:31 | muts | Assigned To | => rhertzog |
2017-08-02 18:57 | muts | Additional Information Updated | |
2017-08-02 19:26 | muts | Note Added: 0006963 | |
2017-08-02 19:26 | muts | Note Edited: 0006963 | |
2017-08-02 19:26 | muts | Note Edited: 0006963 | |
2017-08-02 19:34 | muts | Note Added: 0006964 | |
2017-08-02 19:49 | muts | Additional Information Updated | |
2017-08-02 22:23 | radu.stanescu | Note Added: 0006965 | |
2017-08-07 15:35 | rhertzog | Note Added: 0006974 | |
2017-09-08 10:20 | rhertzog | Status | assigned => closed |
2017-09-08 10:20 | rhertzog | Resolution | open => no change required |
2017-09-08 10:20 | rhertzog | Note Added: 0007267 |