Your message dated Mon, 21 Nov 2005 00:34:04 +0100
with message-id <[EMAIL PROTECTED]>
and subject line [Bug 16205] MySQL Authentication Bypass Vulnerability
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Sep 2005 13:06:30 +0000
>From [EMAIL PROTECTED] Mon Sep 26 06:06:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EJsgg-0007kA-00; Mon, 26 Sep 2005 06:06:30 -0700
Received: from localhost.localdomain (unknown [195.227.105.180])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Martin Pitt (workstation)", Issuer "piware CA" (verified
OK))
by box79162.elkhouse.de (Postfix) with ESMTP id D24C019637E
for <[EMAIL PROTECTED]>; Mon, 26 Sep 2005 15:05:54 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 1000)
id A3A951FDA9; Mon, 26 Sep 2005 15:05:51 +0200 (CEST)
Date: Mon, 26 Sep 2005 15:05:51 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian BTS Submit <[EMAIL PROTECTED]>
Subject: mysql-server-4.1: Authentication bypass
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: mysql-server-4.1
Version: 4.1.12-1
Severity: grave
Tags: security
Hi Christian!
MySQL 4.1 and 5.0 are prone to an authentication bypass:
http://www.nextgenss.com/advisories/mysql-authbypass.txt
4.0 seems to be unaffected. There is no CAN number yet.
Thanks,
Martin
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
--SLDf9lqlvOQaIe6s
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDN/IvDecnbV4Fd/IRAgeGAJ4mMcalYeZSsDAktg9DBTrwhQwxeACg6KlX
G8daD91sb6FWhDtAGBp/UsE=
=cZEj
-----END PGP SIGNATURE-----
--SLDf9lqlvOQaIe6s--
---------------------------------------
Received: (at 330164-done) by bugs.debian.org; 20 Nov 2005 23:34:09 +0000
>From [EMAIL PROTECTED] Sun Nov 20 15:34:09 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail3b.westend.com ([212.117.79.78] helo=mail3b2.westend.com)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EdyhF-0001zG-A2
for [EMAIL PROTECTED]; Sun, 20 Nov 2005 15:34:09 -0800
Received: from localhost (localhost [127.0.0.1])
by mail3b2.westend.com (Postfix) with ESMTP id C6C8D1212B2
for <[EMAIL PROTECTED]>; Mon, 21 Nov 2005 00:34:07 +0100 (CET)
Received: from mail3b2.westend.com ([127.0.0.1])
by localhost (mail3b [127.0.0.1]) (amavisd-new, port 20024)
with ESMTP id 28410-08 for <[EMAIL PROTECTED]>;
Mon, 21 Nov 2005 00:34:04 +0100 (CET)
Received: from app109.intern (gate.lathspell.de [212.117.68.82])
by mail3b2.westend.com (Postfix) with ESMTP id AF86312128D
for <[EMAIL PROTECTED]>; Mon, 21 Nov 2005 00:34:04 +0100 (CET)
Date: Mon, 21 Nov 2005 00:34:04 +0100
From: Christian Hammers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Bug 16205] MySQL Authentication Bypass Vulnerability
Message-ID: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
X-Mailer: Sylpheed-Claws 1.0.5 (GTK+ 1.2.10; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
Well, I'm doing the same as Ubuntu and close this bug report as nobody could
verify the existence of this bug.
On 2005-11-18 [EMAIL PROTECTED] wrote:
> -- Additional Comments From [EMAIL PROTECTED] 2005-11-18 12:15 UTC --
> Nobody was actually able to get unauthorized access, so I close
> this now.
bye,
-christian-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
