Critical MySQL Bug

A critical vulnerability has been found in MySQL. The flaw allows a connection that submits an incorrect password for a known user to be accepted. By flooding the server with such connection attempts, MySQL can be made to incorrectly grant access as that user.

The full security advisory can be found at http://seclists.org/oss-sec/2012/q2/493

This error has been fixed in recent versions of MySQL, and the problem is not present on Red Hat and CentOS operating systems (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2122 and http://lists.centos.org/pipermail/centos/2012-June/126719.html).

If in doubt about the status of your MySQL installation, you can help reduce attacks by making sure MySQL is not accepting connections over a network; or, where that can't be done, by making sure host-based access control is used for users. Using a firewall to limit where connections can be made from is also advised as a secondary measure.
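The following check is an added example, not part of the original post: it reads the `[mysqld]` section of a `my.cnf` to see whether the server listens beyond loopback and, if it does, lists accounts whose host is a wildcard pattern. The function names, `SAMPLE_CNF` and `SAMPLE_ACCOUNTS` are constructed for illustration; the account rows are assumed to come from `SELECT user, host FROM mysql.user`.

```python
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def mysqld_options(cnf_text):
    """Return the [mysqld] options of a my.cnf as {name: value or None}."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop '#' comments
        if not line or line[0] in ";!":          # ';' comments, !include lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        name, sep, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as interchangeable.
        name = name.strip().lower().replace("_", "-")
        opts[name] = value.strip().strip("'\"") if sep else None
    return opts

def listens_on_network(opts):
    """True if mysqld would accept TCP connections from other hosts."""
    skip = opts.get("skip-networking", "0")      # present without a value -> None
    if skip is None or skip.lower() not in ("0", "off", "false"):
        return False
    # With no bind-address set, mysqld listens on all interfaces.
    return (opts.get("bind-address") or "*").lower() not in LOOPBACK

def wildcard_accounts(accounts):
    """Accounts whose host is a pattern (% or _) rather than a single host."""
    return [(u, h) for u, h in accounts if "%" in h or "_" in h]

def audit(cnf_text, accounts):
    """Apply the post's order: network exposure first, then host-based control."""
    exposed = listens_on_network(mysqld_options(cnf_text))
    return {"network_listening": exposed,
            "wildcard_accounts": wildcard_accounts(accounts) if exposed else []}

# Constructed sample input, not taken from a real server.
SAMPLE_CNF = """
[client]
port = 3306
[mysqld]
datadir = /var/lib/mysql
bind_address = 0.0.0.0   # reachable from every interface
"""
SAMPLE_ACCOUNTS = [("root", "localhost"), ("app", "10.0.0.5"), ("report", "%")]
```

Calling `audit(SAMPLE_CNF, SAMPLE_ACCOUNTS)` reports the server as network-reachable and flags the `report@%` account; the firewall rule the post recommends still has to be checked separately.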
