Cobalt Networks -- Security Advisory -- 02.12.2000 ** NOTE ** MySQL does not come installed on any of Cobalt's products. If you have not installed MySQL, ignore this security advisory. Problem: From: http://www.securityfocus.com/vdb/bottom.html?vid=975 "A vulnerability exists in the password verification scheme utilized by MySQL. This vulnerability will allow any user on a machine that has been granted access to connect to the database to connect as any user to that database. Instead of having to know an account name and password, the attacker need only know a legitimate account name. Versions from 3.22.26a and above are vulnerable. Prior versions may too be vulnerable; this has not been confirmed." Relevant products and architectures Product Architecture Vulnerable Qube1 MIPS yes Qube2 MIPS yes RaQ1 MIPS yes RaQ2 MIPS yes RaQ3 x86 yes ** NOTE ** MySQL is not supported on any Cobalt platform, these rpms are also unsupported. Please read the link below before proceeding. ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/README If you want to rebuild from source, you can find the patch I used at: ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/access.patch RPMS: RaQ 1 - RaQ 2 - Qube 2 - Qube 1 ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/mips/ MySQL-3.22.30-1C1.mips.rpm MySQL-bench-3.22.30-1C1.mips.rpm MySQL-client-3.22.30-1C1.mips.rpm MySQL-devel-3.22.30-1C1.mips.rpm RaQ 3 ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/i386/ MySQL-3.22.30-1C2.i386.rpm MySQL-bench-3.22.30-1C2.i386.rpm MySQL-client-3.22.30-1C2.i386.rpm MySQL-devel-3.22.30-1C2.i386.rpm MySQL-shared-3.22.30-1C2.i386.rpm SRPMS: ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/ RaQ 1 - RaQ 2 - Qube 2 - Qube 1 MySQL-3.22.30-1C1.src.rpm RaQ 3 MySQL-3.22.30-1C2.src.rpm - Jeff Bilicki Software Engineer Cobalt Networks
Sun Cobalt and other Linux administration by Zeffie
A Sun Cobalt and Linux Specialist Since 1999
Sun Cobalt Repairs, Development, and Maintenance.
Home of the Worlds Largest Collection of Sun Cobalt Updates!
Sun Cobalt Spam Filter, Security, Firewall, Anti Virus Products.
734-454-9117 US Toll Free 800-231-4459
Copyright 2009 by Electronic Consultants Inc.