[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Security Advisory - MySQL

Subject: Re: [cobalt-users] Security Advisory - MySQL
From: Dennis <dkc@xxxxxxxxxxxxx>
Date: Sat Feb 12 17:30:46 2000

Jeff-

If I install these RPMs will that void the install of PHP3 on the RaQ2. PHP3
was installed with the Cobalt RPMS.

Thanks,
        Dennis

Jeff Bilicki wrote:

> Cobalt Networks -- Security Advisory -- 02.12.2000
>
> ** NOTE **
> MySQL does not come installed on any of Cobalt's products.  If you have
> not installed MySQL, ignore this security advisory.
>
> Problem:
> From: http://www.securityfocus.com/vdb/bottom.html?vid=975
> "A vulnerability exists in the password verification scheme utilized by
> MySQL. This vulnerability will allow any user on a machine that has been
> granted access to connect to the database to connect as any user to that
> database. Instead of having to know an account name and password, the
> attacker need only know a legitimate account name. Versions from
> 3.22.26a and above are vulnerable. Prior versions may too be vulnerable;
> this has not been confirmed."
>
> Relevant products and architectures
> Product         Architecture            Vulnerable
> Qube1           MIPS                    yes
> Qube2           MIPS                    yes
> RaQ1            MIPS                    yes
> RaQ2            MIPS                    yes
> RaQ3            x86                     yes
>
> ** NOTE **
> MySQL is not supported on any Cobalt platform, these rpms are also
> unsupported.  Please read the link below before proceeding.
> ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/README
>
> If you want to rebuild from source, you can find the patch I used at:
> ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/access.patch
>
> RPMS:
> RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/mips/
> MySQL-3.22.30-1C1.mips.rpm
> MySQL-bench-3.22.30-1C1.mips.rpm
> MySQL-client-3.22.30-1C1.mips.rpm
> MySQL-devel-3.22.30-1C1.mips.rpm
>
> RaQ 3
> ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/i386/
> MySQL-3.22.30-1C2.i386.rpm
> MySQL-bench-3.22.30-1C2.i386.rpm
> MySQL-client-3.22.30-1C2.i386.rpm
> MySQL-devel-3.22.30-1C2.i386.rpm
> MySQL-shared-3.22.30-1C2.i386.rpm
>
> SRPMS:
> ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/
> RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> MySQL-3.22.30-1C1.src.rpm
>
> RaQ 3
> MySQL-3.22.30-1C2.src.rpm
>
> -
> Jeff Bilicki
> Software Engineer
> Cobalt Networks
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- Re: [cobalt-users] Security Advisory - MySQL
  - From: Dennis

References:
- [cobalt-users] Security Advisory - MySQL
  - From: Jeff Bilicki

Prev by Date: Re: [cobalt-users] sorry! server-status
Next by Date: Re: [cobalt-users] Security Advisory - MySQL
Previous by thread: [cobalt-users] Security Advisory - MySQL
Next by thread: Re: [cobalt-users] Security Advisory - MySQL

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index