Security digest 12.20.2002, MySQL, perl and more

See the linked O'Reilly DevCenter article for this week's security notices. The most severe, in my opinion, is a MySQL arbitrary code execution and denial-of-service issue. The MySQL problem is really not an issue if your database server is not accessible to outside users (as it should not be: make all access localhost and, of course, don't allow access through the firewall, etc.). However, it is a concern if you host remotely accessible multi-user databases. The other vulnerabilities are pretty obscure and minor; they include tcpdump, wget, perl, lynx, Cobalt RaQ and more. See the linked article for details.   Security Alerts 12.20.2002: O'Reilly
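The "make all access localhost" advice above, turned into something you can actually run against a server's config, as an added example that is not part of the original digest and not MySQL's own tooling. It assumes the usual my.cnf layout with a [mysqld] section; the three sample config files are constructed here, and the firewall rule and grant query at the end are shown as comments for the rest of the audit rather than executed.

```shell
#!/bin/sh
# Added example (not from the digest or from MySQL itself): audit whether a
# MySQL server's my.cnf lets the daemon accept TCP connections from other
# hosts. The config files written below are constructed for illustration.

# mysql_exposure FILE
# Prints "local" if the [mysqld] section turns networking off
# (skip-networking) or binds only to a loopback address, "exposed" otherwise.
# A config with neither directive counts as "exposed": mysqld listens on
# every interface by default. Exit status 1 on "exposed" so it can gate scripts.
mysql_exposure() {
    cnf="$1"
    # Keep only the [mysqld] section: from its header up to the next [section].
    section=$(awk '/^\[/ { in_s = ($0 ~ /^\[mysqld\][[:space:]]*$/) } in_s' "$cnf")
    # MySQL accepts '-' or '_' inside option names, so match both.
    if printf '%s\n' "$section" | grep -Eq '^[[:space:]]*skip[-_]networking'; then
        echo local
        return 0
    fi
    # Extract the bind-address value, drop trailing comment/whitespace,
    # and take the last one if it is repeated.
    bind=$(printf '%s\n' "$section" \
        | sed -n 's/^[[:space:]]*bind[-_]address[[:space:]]*=[[:space:]]*//p' \
        | sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//' \
        | tail -n 1)
    case "$bind" in
        127.0.0.1|localhost|::1) echo local; return 0 ;;
        *) echo exposed; return 1 ;;
    esac
}

tmp=${TMPDIR:-/tmp}/mysql-audit.$$
mkdir -p "$tmp"

# Constructed weak config: nothing restricts the listener, so port 3306 is
# reachable from any host that can route to the box.
cat > "$tmp/weak.cnf" <<'EOF'
[client]
port = 3306

[mysqld]
port = 3306
datadir = /var/lib/mysql
EOF

# Constructed hardened config, option 1: no TCP listener at all; clients on
# the same host use the Unix socket.
cat > "$tmp/socket-only.cnf" <<'EOF'
[mysqld]
datadir = /var/lib/mysql
skip-networking
EOF

# Constructed hardened config, option 2: keep TCP for local clients that
# need it, but only on loopback.
cat > "$tmp/loopback.cnf" <<'EOF'
[mysqld]
port = 3306
datadir = /var/lib/mysql
bind-address = 127.0.0.1
EOF

for f in weak socket-only loopback; do
    printf '%-12s %s\n' "$f:" "$(mysql_exposure "$tmp/$f.cnf")"
done
# weak:        exposed
# socket-only: local
# loopback:    local

# The config only covers the listener. Two further checks belong in the same
# audit (not run here, shown for completeness):
#   firewall: drop 3306 from anything but the host itself, e.g.
#     iptables -A INPUT -p tcp --dport 3306 ! -i lo -j DROP
#   grants: no account should be reachable from a remote host pattern:
#     SELECT user, host FROM mysql.user WHERE host NOT IN ('localhost', '127.0.0.1');
```

Run it as-is to see the three verdicts, or call `mysql_exposure /etc/my.cnf` on a real box; it reports "exposed" for the common case where the config never mentions the listener at all, which is exactly the install that quietly sits on 3306 for the whole network. The sample files are left under `$tmp` so you can inspect them.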

Comments

Re: Security digest 12.20.2002, MySQL, perl and more

In the vein of this story: I got a request yesterday from a client that was having trouble FTPing files to me. Rather than figure out how to fix his problem, he asked me, "Can you just give me access to your SQL Server database so I can update your tables directly?" I was like... sure, dude... no problem, just give us a few days to post our customers' credit card info directly onto an HTML page to save the hackers the 15 minutes of trouble it will take them to extract it out of the database. This guy is a web consultant hired by our client to handle their web development. It's easy to see why there are so many security issues around today. It's hard enough to get bulletproof software without goobers wanting to expose customer-sensitive information to any Tom, Dick and Harry with a net connection. Ok... I'll get off my soapbox now.

Re: Security digest 12.20.2002, MySQL, perl and more

Point well made, sir. By FAR the majority of security issues are definitely misconfigurations, laziness, apathy, stupidity, etc. rather than faulty software (in my experience, anyway).
