MySQL Patches Security Flaws
By Ed Oswald | Published May 4, 2006, 2:08 PM
Open source database company MySQL issued a security update to address flaws in its product that could open up users to attack. Rated a "moderate risk" vulnerability by FrSIRT, one of the flaws involves a buffer overflow that could allow for code execution, while the other two involve a validation error and could expose information within system memory.
The issue affects MySQL versions 4.0.26, 4.1.18, 5.0.20 and 5.1.9, as well as prior versions of those major releases. The most recent version, MySQL 5.0, was released last fall and has seen quick adoption among users of the open source database software.
To dammit_i_changed: these particular bugs are, as far as I can tell, only exploitable if you let someone access your MySQL server.
You can set up MySQL to only listen to connections from localhost and only accept connections from localhost.
Also use a firewall and block the MySQL port.
If it's something you run on your home PC I wouldn't be too concerned with these bugs.
However, upgrading from one 5.0.x release to another is not more complicated than running the setup program, at least on the Windows platform.
And extra props to Stefano Di Paola for finding these bugs.
Score: 0
Doh, just got Apache 2.2.2 all set up with mod_ssl, PHP and MySQL, now this :(
Well done to MySQL for fixing it tho
Score: 0
You don't need to change your apache setup. And if you don't give your users direct access to MySQL this is almost impossible to exploit.
But if you are still worried just update MySQL.
Score: 0
I know I don't have to change Apache again, just a pain after having it nicely set up to be upgrading SQL already.
Score: 0
Gee, maybe you should try Debian
# apt-get update
# apt-get upgrade
and you're all done.
Score: 0