MySQL Flaw Lets Intruders Into Databases, Systems

admin at kclinux.net
Mon Dec 16 16:11:57 CST 2002


http://security.e-matters.de/advisories/042002.html

According to an advisory just published by e-matters GmbH, all but the
latest version of the GPLed MySQL package have vulnerabilities that make
them subject to denial of service attacks and arbitrary code execution. An
intruder across the Internet can crash the database server, bypass password
authentication, extract private data from the database, or (in some cases)
run code with all of the privileges of the database server. According to
the advisory, it's even easier for local users to break in.

To close the hole, it's necessary to upgrade to MySQL 3.23.54, which was
released on 12 December 2002 to fix the vulnerabilities.



