MySQL security fix

To: debian-security@lists.debian.org
Subject: MySQL security fix
From: Christian Hammers <ch@genesis.westend.com>
Date: Wed, 9 Feb 2000 14:34:46 +0100
Message-id: <[🔎] 20000209143446.B20071@genesis.westend.com>

Hello 

There was a Bugtraq announcement for a MySQL Server security flaw today.
The case was a password checking routine that allowed every user on a 
host that was allowed to connect to a mysql server to guess the password
of an existing(!) user with only 32 tries. 

There was a small fix provided which I applied to my mysql-server package
and uploaded it as mysql-server_3.22.30-4_i386.deb.

bye,

 -christian-

-- 
Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch@westend.com     Internet & Security for Professionals    Fax 0241/911879

Reply to:

Follow-Ups:
- Re: MySQL security fix
  - From: "J.H.M. Dassen \(Ray\)" <jhm@cistron.nl>

Prev by Date: [thomas@cuivre.fr.eu.org: Important security hole: mbr allows anyone to boot from a floppy.]
Next by Date: Re: MySQL security fix
Previous by thread: [thomas@cuivre.fr.eu.org: Important security hole: mbr allows anyone to boot from a floppy.]
Next by thread: Re: MySQL security fix
Index(es):
- Date
- Thread