You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 394 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
New MySQL Vulnerability
SecurityMySQL has released information today about a new vulnerability. This exploit check has been integrated into a new Analyzer dot release: 1.89.1. Included in this dot release is the ability to display config.php values even if a MySQL connection isn't established.

View it here--> Analyzer 1.89.1
Posted on Friday, February 07 @ 22:26:07 CET by Zhen-Xjell
 
Related Links
· Computer Cops
· More about Security
· News by Zhen-Xjell
Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED
Article Rating
Average Score: 5
Votes: 1


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad
Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: New MySQL Vulnerability (Score: 1)
by ITEagle03 on Saturday, February 08 @ 15:40:00 CET
(User Info | Send a Message) http://www.seanhiatt.ws
Do you have a link referring to the MySQL vulnerability? I've searched around and haven't been able to find it.

Re: New MySQL Vulnerability (Score: 1)
by RStar23 on Saturday, February 08 @ 21:58:45 CET
(User Info | Send a Message)
First, thanks for Analyzer - nice tool.

Second, I have done a full updated MySQL to 3.23.55 (was at 3.23.43). Now when I run Anaylzer 1.89.1 it still tells me that I have a vulnerable mysql client (3.23.39).

Since the update loaded my server and client code, I am not sure how this is happening. I would appreciate your insight.

thx

RStar23

Re: New MySQL Vulnerability (Score: 0)
by Anonymous on Saturday, February 08 @ 22:13:34 CET
Join the club, I ran the analyzer, got the error about having a vunerable server (3.23.49) followed the link, downloaded the latest (3.23.55) shutdown my produciton server, disconnecting 179 customers, installed the update, rebooted the server and then re-ran the analyzer and it claims I have the wrong one still, (3.23.49). So, now, after pissing off almost 200 customers, I'm wondering if I was running the wrong one to start with.

Not a good thing here guys!!!!!

Re: New MySQL Vulnerability (Score: 1)
by Zhen-Xjell on Saturday, February 08 @ 22:38:56 CET
(User Info | Send a Message) http://castlecops.com
Per the mysql changelog if you upgraded you are fine. On running analyzer what version of the server and client does it say you have?

Re: New MySQL Vulnerability (Score: 0)
by Anonymous on Sunday, February 09 @ 07:26:12 CET
Can you tell me why this 'tool' says i'm
running a old version of MySQL while i'm
running the latest release!

mysql --version
mysql Ver 12.17 Distrib 4.0.10-gamma, for pc-linux (i686)

mysqld --version
mysqld Ver 4.0.10-gamma for pc-linux on i686

Grtnx,

Jan Koetze
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.051 Seconds - 660 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::