Security flaw in MySQL



  • Just came across this:

    [url]http://arstechnica.com/information-technology/2012/06/security-flaw-in-mysql-mariadb-allows-access-with-any-password-just-keep-submitting-it/[/url]

    [LEFT][SIZE=15px][FONT=Arial][COLOR=#263034]The affected versions …[/COLOR][/FONT][/SIZE][/LEFT][LEFT][SIZE=15px][FONT=Arial][COLOR=#263034], include those provided with the following Linux distributions: Ubuntu Linux 64-bit (10.04, 10.10, 11.04, 11.10, 12.04 ), OpenSuSE 12.1 64-bit MySQL 5.5.23-log, Fedora 16 64-bit, and Arch Linux. Official builds of MariaDB and MySQL are not vulnerable.[/COLOR][/FONT][/SIZE][/LEFT]


  • Moderator

    Ubuntu 10.04 LTS
    mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1

    [CODE] dpkg --get-selections | grep [m]ysql*
    libdbd-mysql-perl install
    libmysqlclient16 install
    mysql-client install
    mysql-client-5.1 install
    mysql-client-core-5.1 install
    mysql-common install
    mysql-server install
    mysql-server-5.1 install
    mysql-server-core-5.1 install
    php5-mysql install
    [/CODE]

    I could not connect using the root account and a bad password out of 51,152 attempts using a php script.


Log in to reply
 

436
Online

38995
Users

10715
Topics

101715
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.