Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: MySQL authentication bypass exploit
Posted: Mon Jun 11, 2012 4:05 am
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
https://www.secmaniac.com/blog/2012/06/ ... s-exploit/

_________________
Lemonbit Internet Dedicated Server Management


 Post subject: Re: MySQL authentication bypass exploit
Posted: Mon Jun 11, 2012 8:44 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7429
Location: earth
Atomic builds of MySQL are not vulnerable to this exploit. We just went through and tested just about everything we did as far back as 5.0.90 without success.

Fedora 17, native 5.5.23 (not atomic) *is* vulnerable, as is just about every version on Debian or Ubuntu. If you are using a vulnerable version and cannot upgrade to the atomic build, this is about as critical a vulnerability as it gets. It's exploitable by the most unsophisticated of attackers, and very fast.


 Post subject: Re: MySQL authentication bypass exploit
Posted: Mon Jun 11, 2012 9:09 am
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
Also see this Red Hat Bugzilla report: http://bugzilla.redhat.com/show_bug.cgi?id=814605

According to http://bugzilla.redhat.com/show_bug.cgi?id=814605#c19 EL4-6 are not vulnerable, but x86_64 SSE4 builds, like the Fedora one, are.

_________________
Lemonbit Internet Dedicated Server Management


 Post subject: Re: MySQL authentication bypass exploit
Posted: Mon Jun 11, 2012 10:13 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7429
Location: earth
As this is a compiler-introduced vulnerability, I would expect to see more attacks of this nature pop up in the future.


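Added example, not part of the thread and not MySQL's own code: the publicly documented root cause of this bug is that the integer result of a `memcmp` over the password hashes was returned through a one-byte boolean type. The sketch below shows why a build whose `memcmp` only returns byte differences is unaffected, while a build with an optimised `memcmp` that can return larger values is not. The names `flag_t`, `mismatch_truncated`, `mismatch_fixed` and `count_false_matches` are hypothetical, and the 65535 range is a constructed illustration.

```c
#include <stdio.h>

/* Hypothetical one-byte boolean, standing in for the narrow return type. */
typedef char flag_t;

/* Before: the int from a memcmp-style comparison is narrowed to one byte,
 * so a nonzero result whose low 8 bits are all zero reads as "equal". */
static flag_t mismatch_truncated(int cmp_result)
{
    return (flag_t)cmp_result;
}

/* After: collapse the result to 0 or 1 before narrowing. */
static flag_t mismatch_fixed(int cmp_result)
{
    return (flag_t)(cmp_result != 0);
}

/* Count nonzero comparison results in [-limit, limit] that the given
 * check wrongly reports as a match (i.e. for which it returns 0). */
static int count_false_matches(flag_t (*check)(int), int limit)
{
    int n = 0;
    for (int r = -limit; r <= limit; r++)
        if (r != 0 && check(r) == 0)
            n++;
    return n;
}

int main(void)
{
    /* A byte-wise memcmp returns a difference of two bytes: [-255, 255]. */
    printf("byte-difference range, truncated: %d false matches\n",
           count_false_matches(mismatch_truncated, 255));
    /* Constructed wider range, as an optimised memcmp may produce. */
    printf("wider range, truncated:           %d false matches\n",
           count_false_matches(mismatch_truncated, 65535));
    printf("wider range, fixed:               %d false matches\n",
           count_false_matches(mismatch_fixed, 65535));
    return 0;
}
```

The same source is therefore safe or unsafe depending on which `memcmp` the build links against, which matches the build-specific results reported in the posts above.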