Open Source

Researcher Discloses New Batch of MySQL Vulnerabilities

Submitted by wiredmikey
wiredmikey (1824622) writes "Over the weekend, a security researcher disclosed seven security vulnerabilities related to MySQL. Of the flaws disclosed, CVE assignments have been issued for five of them. The Red Hat Security Team has opened tracking reports, and according to comments on the Full Disclosure mailing list, Oracle is aware of the zero-days, but has not yet commented on them directly.

Researchers who have tested the vulnerabilities themselves state that all of them require that the system administrator failed to properly set up the MySQL server, or the firewall installed in front of it. Yet, they admit that the disclosures are legitimate, and they need to be fixed. One disclosure included details of a user privilege elevation vulnerability, which, if exploited, could allow an attacker with file permissions the ability to elevate its permissions to that of the MySQL admin user.

Given that MySQL is mission critical in many environments, the vulnerabilities are worth examining, especially given that the disclosures were published with working proof-of-concept scripts."
