-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Thursday, December 19, 2002 7:30 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 12/19/02 December 16, ZDNet Australia MySQL security flaws uncovered. Several vulnerabilities have been found in the MySQL database system, a light database package commonly used in Linux environments but which runs also on Microsoft platforms, HP-Unix, Mac OS and more. E-matters, a German company, released a security advisory after discovering the flaws. They have rated the vulnerabilities as "Medium to Critical" in severity. The security flaws discovered range from Denial of Service (DoS) problems to more serious issues. "...[O]ne of the flaws can be used to bypass the MySQL password check or to execute arbitrary code," the advisory said. E-matters also found multiple vulnerabilities in the MySQL client libraries, which "...could allow DoS attacks against or arbitrary code execution within anything linked against libmysqlclient." The vulnerabilities affect all versions prior to 3.23.53a and 4.0.5a. MySQL have released an updated "version 3" (3.23.54) that is immune to the security bugs. It is not known when an updated "version 4" MySQL will be released. E-matters will not be releasing an exploit for the vulnerability. Source. http://zdnet.com.com/2100-1104-977958.html Virus: #1 Virus in USA: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 53 (domain); 445(microsoft-ds); 443(https); 3389(ms-term-serv); 4662; 25(smtp); 21 (ftp) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:27:11 PST