[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Security Advisory - MySQL



Cobalt Networks -- Security Advisory -- 02.12.2000

** NOTE **
MySQL does not come installed on any of Cobalt's products.  If you have
not installed MySQL, ignore this security advisory.

Problem: 
From: http://www.securityfocus.com/vdb/bottom.html?vid=975
"A vulnerability exists in the password verification scheme utilized by
MySQL. This vulnerability will allow any user on a machine that has been
granted access to connect to the database to connect as any user to that
database. Instead of having to know an account name and password, the
attacker need only know a legitimate account name. Versions from
3.22.26a and above are vulnerable. Prior versions may too be vulnerable;
this has not been confirmed."

Relevant products and architectures
Product         Architecture    	Vulnerable
Qube1           MIPS                    yes
Qube2           MIPS                    yes
RaQ1            MIPS                    yes
RaQ2            MIPS                    yes
RaQ3            x86                     yes

** NOTE **
MySQL is not supported on any Cobalt platform, these rpms are also
unsupported.  Please read the link below before proceeding.
ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/README

If you want to rebuild from source, you can find the patch I used at:
ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/access.patch

RPMS:
RaQ 1 - RaQ 2 - Qube 2 - Qube 1
ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/mips/
MySQL-3.22.30-1C1.mips.rpm
MySQL-bench-3.22.30-1C1.mips.rpm
MySQL-client-3.22.30-1C1.mips.rpm
MySQL-devel-3.22.30-1C1.mips.rpm

RaQ 3 
ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/i386/
MySQL-3.22.30-1C2.i386.rpm
MySQL-bench-3.22.30-1C2.i386.rpm
MySQL-client-3.22.30-1C2.i386.rpm
MySQL-devel-3.22.30-1C2.i386.rpm
MySQL-shared-3.22.30-1C2.i386.rpm

SRPMS: 
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/
RaQ 1 - RaQ 2 - Qube 2 - Qube 1
MySQL-3.22.30-1C1.src.rpm

RaQ 3
MySQL-3.22.30-1C2.src.rpm

-
Jeff Bilicki
Software Engineer
Cobalt Networks




Sun Cobalt and Linux Support by Zeffie.com
A Sun Cobalt and Linux Support Specialist Since 1999
Sun Cobalt Support, Repairs, Development, and Maintenance.
Home of the Worlds Largest Collection of Sun Cobalt Updates!
Sun Cobalt Spam Filter, Security, Firewall, Anti Virus Products.
734-454-9117 US Toll Free 800-231-4459

Zeffie's Sun Cobalt User Forums
Zeffie's Sun Cobalt Restore CD's   Zeffie's Sun Cobalt Updates  
Sun Cobalt Users List   Sun Cobalt Security List   Sun Cobalt Developers List

Click here to buy me a drink at the local pub!
(includes tip and paypal fees)

Copyright 2009 by Electronic Consultants Inc.