
Caldera Systems Security Advisory: MySQL password handling

[ Note: We apologize for being late in bringing you this
security advisory. lt-ed. ]

Caldera Systems, Inc. Security Advisory

Subject: MySQL password handling
Advisory number: CSSA-2000-001.0
Issue date: 2000 January, 31
Cross reference:


1. Problem Description

Anyone with access to a running MySQL server and the GRANT privilege
for any database or table on that server can change any MySQL
password he wishes, including the MySQL superuser’s.

A malicious user with access to run processes on the machine
where MySQL server is running can hijack the entire database. Even
without access to run processes on the machine a malicious user can
mount a denial of service attack on the server by setting the MySQL
superuser’s password to a random string.

2. Vulnerable Versions

Systems : OpenLinux eServer 2.3
Packages: previous to mysql-3.22.30-1S

OpenLinux Desktop 2.3 is not affected.

3. Solutions

The proper solution is to upgrade to the latest packages:

rpm -F mysql-devel-3.22.30-1S.i386.rpm
rpm -F mysql-bench-3.22.30-1S.i386.rpm
rpm -F --force mysql-client-3.22.30-1S.i386.rpm
rpm -F mysql-3.22.30-1S.i386.rpm

4. Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/SRPMS

5. Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F mysql-devel-3.22.30-1S.i386.rpm
rpm -F mysql-bench-3.22.30-1S.i386.rpm
rpm -F --force mysql-client-3.22.30-1S.i386.rpm
rpm -F mysql-3.22.30-1S.i386.rpm

6. Verification

14e8bf07c14509ea50dea871ca11f9ae RPMS/mysql-3.22.30-1S.i386.rpm
6e9bf353f2525627a7c282de513df203 RPMS/mysql-bench-3.22.30-1S.i386.rpm
b85c09d8873bf72345dc3a5b3ddc2f36 RPMS/mysql-client-3.22.30-1S.i386.rpm
ddd594820dcd933e4262815c449ec8f7 RPMS/mysql-devel-3.22.30-1S.i386.rpm
311adde3d8d9b4a2a5c01fc870fddc59 SRPMS/mysql-3.22.30-1S.src.rpm
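
The checksums above only help if they are checked before the upgrade commands in section 5 are run. The script below is an added example, not part of Caldera's advisory: it reads a list in the format shown above and succeeds only if every listed package is present and matches its MD5 sum. The name verify_packages and its SUMFILE and DIR arguments are this example's own, and it assumes the md5sum utility is installed.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against a
# checksum list whose lines look like "<md5> RPMS/<file>" or "<md5> SRPMS/<file>".
# verify_packages SUMFILE DIR  -- names are this example's own; needs md5sum.
verify_packages() {
    sumfile=$1
    dir=$2
    failed=0
    checked=0
    # "|| [ -n "$want" ]" keeps a final line that lacks a trailing newline.
    while read -r want path || [ -n "$want" ]; do
        # Skip blank lines and anything that is not a 32-digit hex MD5.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        name=${path##*/}               # drop the RPMS/ or SRPMS/ prefix
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2
            failed=1
            continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$(printf '%s' "$want" | tr 'A-F' 'a-f')" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2
            failed=1
        fi
        checked=$((checked + 1))
    done < "$sumfile"
    # An empty or unparsable list must not count as success.
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Direct use: sh verify.sh SUMFILE DIR  (exit status 0 only if all match)
if [ $# -eq 2 ]; then
    verify_packages "$1" "$2" || exit 1
    echo "all listed packages verified"
fi
```

Save the five lines of section 6 to a file, pass it as SUMFILE with the download directory as DIR, and run the rpm -F commands only when the script exits 0. MD5 catches corrupted or swapped downloads but is no longer collision resistant.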

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.
