View Issue Details

ID: 0004129
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2017-09-08 10:20
Reporter: muts
Assigned To: rhertzog
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: no change required
Product Version: 2017.1
Summary: 0004129: MySQL server contains a root MySQL user authorized from aphrodite.kali.org
Description

The MySQL server in the Kali ISO (and consequently in HD installs) contains a root MySQL user authorized from aphrodite.kali.org.

Additional Information

aphrodite.kali.org is the machine where we build our i386/amd64 ISOs.

It might be that the mysql package is setting this itself on installation... there is a debconf prompt for the root password and its default value is an empty string. While it probably should be set to root@localhost, it might be taking the build server hostname instead.

The mysql server is not enabled by default. When enabled, it listens on the loopback device unless the mysql configuration file is explicitly set to listen on the external interface.

Activities

muts

2017-08-02 19:26

reporter   ~0006963

Last edited: 2017-08-02 19:26

Unable to replicate on a fully updated kali-rolling instance, or an azure instance.

MariaDB [(none)]> select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| root | localhost |
+------+-----------+
1 row in set (0.00 sec)

MariaDB [(none)]>

What additional info can you provide? Kali version, architecture, etc, would help a lot.

muts

2017-08-02 19:34

reporter   ~0006964

Unable to replicate on Kali 2017.1.

radu.stanescu

2017-08-02 22:23

reporter   ~0006965

I was able to reproduce it on a deployment from a VM or ISO of Kali 2017.1 downloaded before June 2017, but up-to-date.
On the latest ISO / VM downloaded from the website the issue is no longer present.

rhertzog

2017-08-07 15:35

administrator   ~0006974

Is there any need to investigate this further since our latest release seems to no longer be affected by the issue?

rhertzog

2017-09-08 10:20

administrator   ~0007267

I don't think that any fix is needed. The problem does not affect fresh installs. It only affected an old version of mysql-server and we use mariadb currently.

The impact is very limited and only affects mysql instances listening on a public IP address (which is not a good idea from the start). So I'm closing this ticket.
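
An added example, not part of the original ticket or of Kali's tooling: a Python check that flags accounts authorized from a non-loopback host (like the root entry for aphrodite.kali.org reported here) and notes whether the `bind-address` setting lets them be reached over the network. The account list and option file are constructed samples, and the function names are hypothetical.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: what `mysql -N -B -e "SELECT user, host FROM mysql.user"`
# would print on an affected image (tab-separated, no header row).
SAMPLE_USERS = "root\tlocalhost\nroot\taphrodite.kali.org\n"

# Constructed sample option file with the listener moved off loopback.
SAMPLE_CNF = """\
[mysqld]
user = mysql
bind-address = 0.0.0.0
"""

def remote_accounts(users_tsv):
    """Return (user, host) pairs whose host is not a loopback name."""
    found = []
    for line in users_tsv.splitlines():
        if not line.strip():
            continue
        user, _, host = line.partition("\t")
        if host.strip().lower() not in LOOPBACK:
            found.append((user, host.strip()))
    return found

def bind_address(cnf_text):
    """Return the last bind-address set under [mysqld], or None if unset."""
    section, value = None, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "mysqld":
            kv = re.fullmatch(r"bind[-_]address\s*=\s*(\S+)", line)
            if kv:
                value = kv.group(1)
    return value

def audit(users_tsv, cnf_text):
    """Flag remote-host accounts and whether the listener leaves loopback."""
    addr = bind_address(cnf_text)
    # Assumption: an unset bind-address is treated as reachable (conservative).
    reachable = addr is None or addr.lower() not in LOOPBACK
    return [{"user": u, "host": h, "network_reachable": reachable}
            for u, h in remote_accounts(users_tsv)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_CNF):
        print(finding)
```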

Issue History

Date Modified Username Field Change
2017-08-02 18:31 muts New Issue
2017-08-02 18:31 muts Status new => assigned
2017-08-02 18:31 muts Assigned To => rhertzog
2017-08-02 18:57 muts Additional Information Updated
2017-08-02 19:26 muts Note Added: 0006963
2017-08-02 19:26 muts Note Edited: 0006963
2017-08-02 19:26 muts Note Edited: 0006963
2017-08-02 19:34 muts Note Added: 0006964
2017-08-02 19:49 muts Additional Information Updated
2017-08-02 22:23 radu.stanescu Note Added: 0006965
2017-08-07 15:35 rhertzog Note Added: 0006974
2017-09-08 10:20 rhertzog Status assigned => closed
2017-09-08 10:20 rhertzog Resolution open => no change required
2017-09-08 10:20 rhertzog Note Added: 0007267