MySQL mistake is a wake-up call on open source ownership

l33tdawg — Mon, 24 Jun 2013 01:48:47 +0000

MySQL mistake is a wake-up call on open source ownership

posted onJune 24, 2013

by l33tdawg

Credit: http://en.wikipedia.org/wiki/MySQL

There was a moment of panic in the open source community this week when a developer on the MariaDB fork of MySQL discovered that Oracle had quietly changed the license on all the man pages for MySQL from GPL to a restrictive proprietary license two months earlier. Prompted by the bug report, Oracle's staff quickly discovered that an error had been made in the build system and promised to immediately undo the change and restore the GPL to all of MySQL. Problem solved!

nocomment

→READ MORE

Serious MySQL authentication bypass vulnerability found - Metasploit module already released

l33tdawg — Mon, 11 Jun 2012 08:39:56 +0000

Serious MySQL authentication bypass vulnerability found - Metasploit module already released

posted onJune 11, 2012

by l33tdawg

Credit: http://4.bp.blogspot.com/-M6SEU5Vpq4g/T9Wcjvbn2pI/AAAAAAAAGkY/yTR8PCNq_is/s640/mysql_hacked.png

A serious security bug in MariaDB and MySQL Disclosed, According to Advisory All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. This issue got assigned an id CVE-2012-2122.

Mysql_hashdump module from Metasploit uses a known username and password to access the master user table of a MySQL server and dump it into a locally-stored "loot" file. This can be easily cracked using a tool like John the Ripper, providing clear-text passwords that may provide further access.

nocomment

→READ MORE