
Re: [cobalt-users] MySQL and RaQ 1



"Tomas Garcia Ferrari" <tgf@xxxxxxxxxxx> wrote:
> Yes. It's possible. I've done it. I have MySQL-client-3.22.21-2C1,
> MySQL-devel-3.22.21-2C1 and MySQL-3.22.21-2C1 running on a RaQ1 server. You
> can find this in .rpm format (for mips) in
> ftp://ftp.cobaltnet.com/pub/experimental/ . It's not the latest MySQL
> (3.23.40, at the moment), but maybe it's good enough for you...

Tomás and Mike,

In case you don't know, that version is susceptible to an exploit that will
allow others to change the MySQL root user password, from which point they
can create users, delete databases, etc.  You can control it by not allowing
other users to access MySQL, removing GRANT privileges for users or
installing a more recent version of MySQL.  See
http://www.securiteam.com/exploits/5IP0E1P0KU.html.  In addition to this
exploit and other potential exploits that may exist (I can't recall since
3.22.21 is about 2 years old) you'll be missing out on a lot of
functionality and advantages associated with 3.23.  I don't want to scare
you, just wanted you to be aware.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/