[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Security Advisory - MySQL

Subject: Re: [cobalt-users] Security Advisory - MySQL
From: Jeff Bilicki <jeffb@xxxxxxxxxx>
Date: Sun Feb 13 01:11:16 2000

I do not think so but, I did not have time to test this
aspect of the new rpms.  I used the pretty much the same spec file to
build the rpms. If a MySQL/PHP guru would not mind giving it the once
over, it would be greatly appreciated.

Jeff-

On Sat, 12 Feb 2000, Dennis wrote:

> Yes. I meant will the PHP interaction with MySQL cease to exist?
> 
> Tony wrote:
> 
> > PHP is not officially supported either.
> > Did you mean 'Will it break the current install of PHP'?
> > Probably.
> >
> > -----Original Message-----
> > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Dennis
> > Sent: Saturday, February 12, 2000 7:50 PM
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: Re: [cobalt-users] Security Advisory - MySQL
> >
> > Ok. Let me rephrase that... will it void the support of PHP if a new version
> > of
> > MySQL is installed without updating or reinstalling PHP.
> >
> > Dennis wrote:
> >
> > > Jeff-
> > >
> > > If I install these RPMs will that void the install of PHP3 on the RaQ2.
> > PHP3
> > > was installed with the Cobalt RPMS.
> > >
> > > Thanks,
> > >         Dennis
> > >
> > > Jeff Bilicki wrote:
> > >
> > > > Cobalt Networks -- Security Advisory -- 02.12.2000
> > > >
> > > > ** NOTE **
> > > > MySQL does not come installed on any of Cobalt's products.  If you have
> > > > not installed MySQL, ignore this security advisory.
> > > >
> > > > Problem:
> > > > From: http://www.securityfocus.com/vdb/bottom.html?vid=975
> > > > "A vulnerability exists in the password verification scheme utilized by
> > > > MySQL. This vulnerability will allow any user on a machine that has been
> > > > granted access to connect to the database to connect as any user to that
> > > > database. Instead of having to know an account name and password, the
> > > > attacker need only know a legitimate account name. Versions from
> > > > 3.22.26a and above are vulnerable. Prior versions may too be vulnerable;
> > > > this has not been confirmed."
> > > >
> > > > Relevant products and architectures
> > > > Product         Architecture            Vulnerable
> > > > Qube1           MIPS                    yes
> > > > Qube2           MIPS                    yes
> > > > RaQ1            MIPS                    yes
> > > > RaQ2            MIPS                    yes
> > > > RaQ3            x86                     yes
> > > >
> > > > ** NOTE **
> > > > MySQL is not supported on any Cobalt platform, these rpms are also
> > > > unsupported.  Please read the link below before proceeding.
> > > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/README
> > > >
> > > > If you want to rebuild from source, you can find the patch I used at:
> > > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/access.patch
> > > >
> > > > RPMS:
> > > > RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> > > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/mips/
> > > > MySQL-3.22.30-1C1.mips.rpm
> > > > MySQL-bench-3.22.30-1C1.mips.rpm
> > > > MySQL-client-3.22.30-1C1.mips.rpm
> > > > MySQL-devel-3.22.30-1C1.mips.rpm
> > > >
> > > > RaQ 3
> > > > ftp://ftp.cobaltnet.com/pub/experimental/security/mysql/i386/
> > > > MySQL-3.22.30-1C2.i386.rpm
> > > > MySQL-bench-3.22.30-1C2.i386.rpm
> > > > MySQL-client-3.22.30-1C2.i386.rpm
> > > > MySQL-devel-3.22.30-1C2.i386.rpm
> > > > MySQL-shared-3.22.30-1C2.i386.rpm
> > > >
> > > > SRPMS:
> > > > ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/
> > > > RaQ 1 - RaQ 2 - Qube 2 - Qube 1
> > > > MySQL-3.22.30-1C1.src.rpm
> > > >
> > > > RaQ 3
> > > > MySQL-3.22.30-1C2.src.rpm
> > > >
> > > > -
> > > > Jeff Bilicki
> > > > Software Engineer
> > > > Cobalt Networks
> > > >
> > > > _______________________________________________
> > > > cobalt-users mailing list
> > > > cobalt-users@xxxxxxxxxxxxxxx
> > > > http://list.cobalt.com/mailman/listinfo/cobalt-users
> > >
> > > _______________________________________________
> > > cobalt-users mailing list
> > > cobalt-users@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-users
> >
> > _______________________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-users
> >
> > _______________________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-users
> 
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- Re: [cobalt-users] Security Advisory - MySQL
  - From: Dennis

Prev by Date: [cobalt-users] Server Hacked?
Next by Date: Re: [cobalt-users] Password protection problems
Previous by thread: Re: [cobalt-users] Security Advisory - MySQL
Next by thread: Re: [cobalt-users] Security Advisory - MySQL

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index