Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Featured Database Articles

Database News

Posted Dec 17, 2002

MySQL Flaw Lets Intruders Into Databases, Systems

By DatabaseJournal.com Staff

[From ExtremeTech]

According to an advisory recently published by e-matters GmbH, all editions of MySQL (with the exception of the latest version of the GPLed MySQL package) have vulnerabilities that make them subject to denial of service attacks and arbitrary code execution. An intruder across the Internet can crash the database server, bypass password authentication, extract private data from the database, or (in some cases) run code with all of the privileges of the database server. According to the advisory, it's even easier for local users to break in.

To close the hole, it's necessary to upgrade to MySQL 3.23.54, which was released on 12 December 2002 with the purpose of fixing the vulnerabilities.

The complete article is available at http://www.extremetech.com/article2/0,3973,765036,00.asp.


Back to Database Journal Home



Database News Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 




Latest Forum Threads
Database News Forum
Topic By Replies Updated
Efficient SQL Server Indexing by Design lcole 0 April 30th, 12:38 PM
Mine Oracle Database, SQL Server and Other Databases with Monarch Data Pump Pro V10.5 lcole 0 April 30th, 12:37 PM
Oracle Database and Oracle Fusion Middleware for Private Social Network Application lcole 0 April 30th, 12:31 PM
Oracle Database Maintains a Stronghold in the DBMS Market lcole 0 April 30th, 12:30 PM