I assume that many people would have heard about this by now...

=========8<------ cut ------------
http://linuxtoday.com/stories/16438.html

Security Advisory: Remote access vulnerability in all MySQL server versions
Feb 9, 2000, 06:40 UTC

Date: Tue, 8 Feb 2000 20:03:32 +0100
From: Robert van der Meulen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Remote access vulnerability in all MySQL server versions

Hi,

Below you find a security advisory I wrote concerning a vulnerability found in all (known to me) mysql server versions, including the latest one. As mysql is a widely used sql platform, I strongly advise everyone using it to read it, and fix where appropriate. This email has been bcc'd to the mysql bug list, and other appropriate parties.

Greets,
Robert van der Meulen/Emphyrio

.Introduction.

There exists a vulnerability in the password checking routines in the latest versions of the MySQL server, that allows any user on a host that is allowed to connect to the server, to skip password authentication, and access databases. For the exploit to work, a valid username for the mysql server is needed, and this username must have access to the database server, when connecting from the attacking host.

.Vulnerable Systems.

All systems running 3.22.26a and up (tested).
Probably all systems running lower versions as well (not tested, not reviewed).
All versions are vulnerable on all platforms.
=========8<------ cut ------------

I assume that a new mysql package for powertools will become available when an "official" fixed version is ready...

Cheers
Tony

-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <[EMAIL PROTECTED]>
Systems Administrator
GrowZone OnLine (a project of) GrowZone Development Network
POBox 475 Toowoomba Queensland Australia 4350
Ph: 07 4637 8322
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-