Originally Published: Tuesday, 1 February 2000
Author: Derrick H. Lewis
Published to: news_enhance_security/Security News

Caldera Systems, Inc. Security Advisory

[CALDERA] Caldera Systems has found a problem in MySQL password handling. A malicious user with access to run processes on the machine where MySQL server is running can hijack the entire database.


-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
Caldera Systems, Inc. Security Advisory

Subject: MySQL password handling
Advisory number: CSSA-2000-001.0
Issue date: 2000 January, 31
Cross reference:
____________________________________________________________

1. Problem Description

Anyone with access to a running MySQL server who holds the GRANT privilege for any database or table on that server can change any MySQL password, including the MySQL superuser's.

A malicious user with access to run processes on the machine where the MySQL server is running can hijack the entire database. Even without access to run processes on the machine, a malicious user can mount a denial-of-service attack on the server by setting the MySQL superuser's password to a random string.
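The following script is an added example for this reprint; it is not part of the Caldera advisory and not MySQL's own tooling. It lists the accounts that hold the GRANT privilege on a 3.22 server (globally, per database, or per table), since the advisory identifies exactly those accounts as able to rewrite any password before the fix, so they are the ones to review before and after the upgrade. The SQL uses the mysql.user, mysql.db and mysql.tables_priv tables of the 3.22 grant system; the client flags (-B, -e, -u root -p) and the sample batch output are assumptions constructed here so the filter can run without a server.

```sh
# Added example, not part of the Caldera advisory: list every account holding
# the GRANT privilege anywhere on a MySQL 3.22 server. Per the advisory these
# are the accounts that can rewrite any password (the superuser's included) on
# a server older than mysql-3.22.30-1S.
#
# MySQL 3.22 records GRANT in three tables: mysql.user (global), mysql.db (per
# database) and mysql.tables_priv (per table, as the 'Grant' member of the
# Table_priv SET). 3.22 has no UNION, so three statements are issued.

audit_sql() {
    cat <<'EOF'
SELECT Host, User, Grant_priv AS has_grant FROM mysql.user;
SELECT Host, User, Grant_priv AS has_grant FROM mysql.db;
SELECT Host, User, IF(FIND_IN_SET('Grant', Table_priv) > 0, 'Y', 'N') AS has_grant FROM mysql.tables_priv;
EOF
}

# Filter the tab-separated batch output of the mysql client (-B): print
# user@host once for each row whose third column is 'Y'. Header rows fall
# through because their third field is the column name, not 'Y'.
grant_holders_from_batch() {
    awk -F'\t' '$3 == "Y" { print $2 "@" $1 }' | sort -u
}

# Live run against a server. Assumption: the 3.22 client accepts -B (batch,
# tab-separated output) and -e, and prompts for the root password with -p.
run_audit() {
    mysql -B -u root -p -e "$(audit_sql)" mysql | grant_holders_from_batch
}

# Constructed sample (not real server output) of what the three statements
# print in batch mode, so the filter can be exercised without a server.
sample_batch() {
    printf 'Host\tUser\thas_grant\n'
    printf 'localhost\troot\tY\n'
    printf 'localhost\twebapp\tN\n'
    printf 'Host\tUser\thas_grant\n'
    printf '%%\treport\tY\n'
    printf 'Host\tUser\thas_grant\n'
    printf '10.0.0.5\tlegacy\tY\n'
    printf '10.0.0.5\tlegacy\tN\n'
}

# Usage:  sh grant_audit.sh --live   (queries the server as root)
#         sh grant_audit.sh          (runs the filter over the sample)
if [ "${1:-}" = "--live" ]; then
    run_audit
else
    sample_batch | grant_holders_from_batch
fi
```

On the sample the filter reports legacy@10.0.0.5, report@% and root@localhost; the webapp account, which has no GRANT privilege anywhere, is not listed. A per-table or per-database GRANT is enough for the problem the advisory describes, which is why the db and tables_priv tables are queried and not only mysql.user.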

2. Vulnerable Versions

Systems : OpenLinux eServer 2.3
Packages: prior to mysql-3.22.30-1S

OpenLinux Desktop 2.3 is not affected.

3. Solutions

The proper solution is to upgrade to the latest packages:

rpm -F mysql-devel-3.22.30-1S.i386.rpm
rpm -F mysql-bench-3.22.30-1S.i386.rpm
rpm -F --force mysql-client-3.22.30-1S.i386.rpm
rpm -F mysql-3.22.30-1S.i386.rpm

4. Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/SRPMS

5. Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F mysql-devel-3.22.30-1S.i386.rpm
rpm -F mysql-bench-3.22.30-1S.i386.rpm
rpm -F --force mysql-client-3.22.30-1S.i386.rpm
rpm -F mysql-3.22.30-1S.i386.rpm

6. Verification

14e8bf07c14509ea50dea871ca11f9ae  RPMS/mysql-3.22.30-1S.i386.rpm
6e9bf353f2525627a7c282de513df203  RPMS/mysql-bench-3.22.30-1S.i386.rpm
b85c09d8873bf72345dc3a5b3ddc2f36  RPMS/mysql-client-3.22.30-1S.i386.rpm
ddd594820dcd933e4262815c449ec8f7  RPMS/mysql-devel-3.22.30-1S.i386.rpm
311adde3d8d9b4a2a5c01fc870fddc59  SRPMS/mysql-3.22.30-1S.src.rpm
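As an added example (not the advisory's own text and not Caldera's tooling), the following script ties sections 3 through 6 together: it decides whether the installed package is older than mysql-3.22.30-1S, checks each downloaded RPM against the md5sums listed above, and only then runs the advisory's rpm -F commands. The checksum list and package names are copied from the advisory; the rpm query format, the md5sum tool and the local mirror layout (RPMS/ and SRPMS/ side by side under one directory) are assumptions.

```sh
# Added example, not part of the Caldera advisory: verify before freshening.
# Assumptions: rpm understands --qf '%{VERSION}-%{RELEASE}', md5sum is
# available, and the fixed packages were mirrored into DIR/RPMS and DIR/SRPMS.

FIXED_VERSION="3.22.30"     # version of mysql-3.22.30-1S, the fixed package

# version_lt A B: succeed if dotted version A sorts before B, numerically
# field by field (so 3.22.9 < 3.22.10, which a plain string compare gets wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            p = (i in x) ? x[i] + 0 : 0
            q = (i in y) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1                     # equal: not less than
    }'
}

# needs_update VERSION-RELEASE: argument as printed by
#   rpm -q --qf '%{VERSION}-%{RELEASE}' mysql      (e.g. 3.22.27-1)
# The release tag is dropped; only the upstream version is compared.
needs_update() {
    version_lt "${1%%-*}" "$FIXED_VERSION"
}

# The md5sums exactly as published in section 6, in md5sum -c format.
advisory_md5sums() {
    cat <<'EOF'
14e8bf07c14509ea50dea871ca11f9ae  RPMS/mysql-3.22.30-1S.i386.rpm
6e9bf353f2525627a7c282de513df203  RPMS/mysql-bench-3.22.30-1S.i386.rpm
b85c09d8873bf72345dc3a5b3ddc2f36  RPMS/mysql-client-3.22.30-1S.i386.rpm
ddd594820dcd933e4262815c449ec8f7  RPMS/mysql-devel-3.22.30-1S.i386.rpm
311adde3d8d9b4a2a5c01fc870fddc59  SRPMS/mysql-3.22.30-1S.src.rpm
EOF
}

# md5_matches EXPECTED FILE: succeed if FILE hashes to EXPECTED.
md5_matches() {
    actual=$(md5sum "$2" | awk '{ print $1 }')
    [ "$actual" = "$1" ]
}

# verify_downloads DIR: every listed file must exist under DIR and match.
# Fails on the first missing file or mismatch; nothing is installed then.
verify_downloads() {
    dir=$1
    advisory_md5sums | while read -r sum path; do
        if [ ! -f "$dir/$path" ]; then
            echo "missing: $path" >&2
            exit 1
        fi
        if ! md5_matches "$sum" "$dir/$path"; then
            echo "CHECKSUM MISMATCH: $path" >&2
            exit 1
        fi
    done
}

# upgrade_mysql DIR: the advisory's own rpm -F sequence, run only after the
# checksums verified (rpm itself is not invoked when this file is tested).
upgrade_mysql() {
    verify_downloads "$1" || return 1
    (
        cd "$1/RPMS" || exit 1
        rpm -F mysql-devel-3.22.30-1S.i386.rpm
        rpm -F mysql-bench-3.22.30-1S.i386.rpm
        rpm -F --force mysql-client-3.22.30-1S.i386.rpm
        rpm -F mysql-3.22.30-1S.i386.rpm
    )
}

# Stand-alone use:  sh verify_and_upgrade.sh /path/to/mirror
if [ -n "${1:-}" ]; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' mysql)
    if needs_update "$installed"; then
        upgrade_mysql "$1"
    else
        echo "mysql $installed is already at or past $FIXED_VERSION"
    fi
fi
```

Two caveats worth keeping in mind. rpm -F only freshens packages that are already installed, so a host without, say, mysql-bench is silently skipped for that package, which is the advisory's intent. And the md5sums carry weight only because they sit inside the PGP-signed message above: the packages come over plain ftp://, so check the advisory's signature first, then the sums, then install.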

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.

____________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBOJa10en+9R4958LpAQHKFAP/U3dgin1h6GekXDtQq5Q8RpK+VE0gFktY
FVoqXKgt2lHfWWa/1Zatt9Es88OwhYLXDt72/zgHuyEaOqxU4GwAqmCX1xddfrLz
T9HQ7RL/+Yi9CuH/JfS5Y8/SOtPWubQZf+NvKPT/FU85WyT1VfmZs3rdaDRPlJFM
sxjq9LjVgMk=
=O6gK
-----END PGP SIGNATURE-----
