
Re: [cobalt-users] Security Advisory - MySQL



Ok. Let me rephrase that... will it void the support of PHP if a new version of
MySQL is installed without updating or reinstalling PHP?

Dennis wrote:

> Jeff-
>
> If I install these RPMs, will that void the install of PHP3 on the RaQ2? PHP3
> was installed with the Cobalt RPMS.
>
> Thanks,
>         Dennis
>
> Jeff Bilicki wrote:
>
> > Cobalt Networks -- Security Advisory -- 02.12.2000
> >
> > ** NOTE **
> > MySQL does not come installed on any of Cobalt's products.  If you have
> > not installed MySQL, ignore this security advisory.
> >
> > Problem:
> > From: http://www.securityfocus.com/vdb/bottom.html?vid=975
> > "A vulnerability exists in the password verification scheme utilized by
> > MySQL. This vulnerability will allow any user on a machine that has been
> > granted access to connect to the database to connect as any user to that
> > database. Instead of having to know an account name and password, the
> > attacker need only know a legitimate account name. Versions from
> > 3.22.26a and above are vulnerable. Prior versions may too be vulnerable;
> > this has not been confirmed."
> >
> > Relevant products and architectures
> > Product         Architecture            Vulnerable
> > Qube1           MIPS                    yes
> > Qube2           MIPS                    yes
> > RaQ1            MIPS                    yes
> > RaQ2            MIPS                    yes
> > RaQ3            x86                     yes
> >
> > ** NOTE **
> > MySQL is not supported on any Cobalt platform, these rpms are also
> > unsupported.  Please read the link below before proceeding.
> > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/README
> >
> > If you want to rebuild from source, you can find the patch I used at:
> > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/access.patch
> >
> > RPMS:
> > RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/mips/
> > MySQL-3.22.30-1C1.mips.rpm
> > MySQL-bench-3.22.30-1C1.mips.rpm
> > MySQL-client-3.22.30-1C1.mips.rpm
> > MySQL-devel-3.22.30-1C1.mips.rpm
> >
> > RaQ 3
> > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/i386/
> > MySQL-3.22.30-1C2.i386.rpm
> > MySQL-bench-3.22.30-1C2.i386.rpm
> > MySQL-client-3.22.30-1C2.i386.rpm
> > MySQL-devel-3.22.30-1C2.i386.rpm
> > MySQL-shared-3.22.30-1C2.i386.rpm
> >
> > SRPMS:
> > ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/
> > RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> > MySQL-3.22.30-1C1.src.rpm
> >
> > RaQ 3
> > MySQL-3.22.30-1C2.src.rpm
> >
> > -
> > Jeff Bilicki
> > Software Engineer
> > Cobalt Networks
> >
> > _______________________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-users