 |
| | HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. | NEI PREFERITI | .:: | RSS Forum | RSS News | NEWS web | NEWS software | |
| | PUBBLICITA' | | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | | CERCA nel FORUM » | |
06-07-2004, 14.45.35
|
#1 |
|
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
 |
MySQL Authentication Vulnerabilities
Chris Anley has reported two vulnerabilities in MySQL, allowing malicious people to gain access to the database or the local system. 1) MySQL fails to properly verify passwords if the client has set a specific client capability flag and specifies a "passwd_len" of NULL. This causes MySQL to accept a NULL password as a valid password and authenticates the user. Successful exploitation requires that the attacker knows a valid username. 2) A boundary error within the handling of "scramble" strings can reportedly be exploited to execute arbitrary code if the attacker knows a password hash or through brute forcing. The vulnerabilities only affect beta / developement branches of MySQL 4.1.x and MySQL 5. Leggi: http://secunia.com/advisories/12020/ |
|
|
 |
| Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti) | |
|
|
Discussioni simili
|
||||
| Discussione | Autore discussione | Forum | Risposte | Ultimo messaggio |
| [2000] problemi con la configurazione di mysql | sbaragnus | Software applicativo | 2 | 03-03-2006 13.36.03 |
| [Mysql] Php non vede Mysql [OK] | espiritos | Programmazione | 17 | 01-12-2005 20.59.52 |
| MySQL Admin. 1.1.3 | Thor | Archivio News Software | 0 | 27-09-2005 15.42.28 |
| MySQL Admin. 1.1.2 | Thor | Archivio News Software | 5 | 19-09-2005 10.41.03 |
| MySql | turf | Windows 9x/Me/NT4/2000 | 5 | 30-06-2004 08.56.42 |
