According to an advisory recently published by e-matters GmbH, all editions of MySQL (with the exception of the latest version of the GPLed MySQL package) have vulnerabilities that make them subject to denial of service attacks and arbitrary code execution. An intruder across the Internet can crash the database server, bypass password authentication, extract private data from the database, or (in some cases) run code with all of the privileges of the database server. According to the advisory, it's even easier for local users to break in.
To close the hole, it's necessary to upgrade to MySQL 3.23.54, which was released on 12 December 2002 with the purpose of fixing the vulnerabilities.
The complete article is available at
Back to Database Journal Home