
[cobalt-security] mySQL Root Exploit and a Few Others



Hi Guys,

Quick question, is the Pkgmaster version of MySQL vulnerable
to the root exploit as described in this SecurityFocus
advisory?

http://www.securityfocus.com/advisories/5120

I recently had a fully patched, newly reloaded RaQ4
hacked within a week of bringing it online.
Unfortunately I wasn't able to get to the logs to find
out how/where they managed to get in, but I'm
wondering if it could possibly have been via this
MySQL hole (I had the Pkgmaster package on the system)
and/or something else. I'm still leery of the admin
GUI running as root, but that's a moot point at this
stage. Does anyone know if any of these earlier
vulnerabilities were ever fixed/patched by SUN's
updates?

  http://online.securityfocus.com/bid/4208

  http://online.securityfocus.com/bid/4209

  http://online.securityfocus.com/bid/4211

I've reloaded the box again and this time didn't
install the MySQL pkg and firewalled off the GUI.

I'm thinking about using Bruce's MySQL
installation/upgrade instructions as a guide to
installing the latest version of MySQL, but am curious
if indeed the Pkgmaster version is vulnerable to this
latest MySQL issue?

Thanks for any tips or insight.

Barbara

