[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Security Advisory - MySQL
- Subject: Re: [cobalt-users] Security Advisory - MySQL
- From: Dennis <dkc@xxxxxxxxxxxxx>
- Date: Sat Feb 12 18:54:06 2000
Yes. I meant will the PHP interaction with MySQL cease to exist?
Tony wrote:
> PHP is not officially supported either.
> Did you mean 'Will it break the current install of PHP'?
> Probably.
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Dennis
> Sent: Saturday, February 12, 2000 7:50 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] Security Advisory - MySQL
>
> Ok. Let me rephrase that... will it void the support of PHP if a new version
> of
> MySQL is installed without updating or reinstalling PHP.
>
> Dennis wrote:
>
> > Jeff-
> >
> > If I install these RPMs will that void the install of PHP3 on the RaQ2.
> PHP3
> > was installed with the Cobalt RPMS.
> >
> > Thanks,
> > Dennis
> >
> > Jeff Bilicki wrote:
> >
> > > Cobalt Networks -- Security Advisory -- 02.12.2000
> > >
> > > ** NOTE **
> > > MySQL does not come installed on any of Cobalt's products. If you have
> > > not installed MySQL, ignore this security advisory.
> > >
> > > Problem:
> > > From: http://www.securityfocus.com/vdb/bottom.html?vid=975
> > > "A vulnerability exists in the password verification scheme utilized by
> > > MySQL. This vulnerability will allow any user on a machine that has been
> > > granted access to connect to the database to connect as any user to that
> > > database. Instead of having to know an account name and password, the
> > > attacker need only know a legitimate account name. Versions from
> > > 3.22.26a and above are vulnerable. Prior versions may too be vulnerable;
> > > this has not been confirmed."
> > >
> > > Relevant products and architectures
> > > Product Architecture Vulnerable
> > > Qube1 MIPS yes
> > > Qube2 MIPS yes
> > > RaQ1 MIPS yes
> > > RaQ2 MIPS yes
> > > RaQ3 x86 yes
> > >
> > > ** NOTE **
> > > MySQL is not supported on any Cobalt platform, these rpms are also
> > > unsupported. Please read the link below before proceeding.
> > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/README
> > >
> > > If you want to rebuild from source, you can find the patch I used at:
> > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/access.patch
> > >
> > > RPMS:
> > > RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/mips/
> > > MySQL-3.22.30-1C1.mips.rpm
> > > MySQL-bench-3.22.30-1C1.mips.rpm
> > > MySQL-client-3.22.30-1C1.mips.rpm
> > > MySQL-devel-3.22.30-1C1.mips.rpm
> > >
> > > RaQ 3
> > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/i386/
> > > MySQL-3.22.30-1C2.i386.rpm
> > > MySQL-bench-3.22.30-1C2.i386.rpm
> > > MySQL-client-3.22.30-1C2.i386.rpm
> > > MySQL-devel-3.22.30-1C2.i386.rpm
> > > MySQL-shared-3.22.30-1C2.i386.rpm
> > >
> > > SRPMS:
> > > ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/
> > > RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> > > MySQL-3.22.30-1C1.src.rpm
> > >
> > > RaQ 3
> > > MySQL-3.22.30-1C2.src.rpm
> > >
> > > -
> > > Jeff Bilicki
> > > Software Engineer
> > > Cobalt Networks
> > >
> > > _______________________________________________
> > > cobalt-users mailing list
> > > cobalt-users@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-users
> >
> > _______________________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-users
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users