MySQL Flaw Lets Intruders Into Databases, Systems

Tuesday Dec 17th 2002 by DatabaseJournal.com Staff
Share:

According to an advisory recently published by e-matters GmbH, all but the latest version of the GPLed MySQL package have vulnerabilities that make them subject to denial of service attacks and arbitrary code execution.

[From ExtremeTech]

According to an advisory recently published by e-matters GmbH, all editions of MySQL (with the exception of the latest version of the GPLed MySQL package) have vulnerabilities that make them subject to denial of service attacks and arbitrary code execution. An intruder across the Internet can crash the database server, bypass password authentication, extract private data from the database, or (in some cases) run code with all of the privileges of the database server. According to the advisory, it's even easier for local users to break in.

To close the hole, it's necessary to upgrade to MySQL 3.23.54, which was released on 12 December 2002 with the purpose of fixing the vulnerabilities.

The complete article is available at http://www.extremetech.com/article2/0,3973,765036,00.asp.


Back to Database Journal Home

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved