Author: tbedford
Date: 2009-03-04 10:43:47 +0100 (Wed, 04 Mar 2009)
New Revision: 14068
Log:
Added entry for bug #42306
Modified:
trunk/dynamic-docs/changelog/monitor.xml
Modified: trunk/dynamic-docs/changelog/monitor.xml
===================================================================
--- trunk/dynamic-docs/changelog/monitor.xml 2009-03-04 09:33:17 UTC (rev 14067)
+++ trunk/dynamic-docs/changelog/monitor.xml 2009-03-04 09:43:47 UTC (rev 14068)
Changed blocks: 1, Lines Added: 35, Lines Deleted: 0; 1378 bytes
@@ -9,6 +9,41 @@
<logentry entrytype="bug">
<bugs>
+ <fixes bugid="42306"/>
+ </bugs>
+
+ <versions>
+ <version ver="2.0.5"/>
+ </versions>
+
+ <message>
+
+ <para>
+ Changing <literal>ssh-agent</literal> from OpenSSH or specifying
+ a malevolent value of <literal>agent-host-id</literal>, could
+ inject data into the monitored MySQL Server.
+ </para>
+
+ <para>
+ For example, setting <literal>agent-host-id</literal> to the
+ value <quote>I'm a test</quote> would result in the
+ following message in the error log:
+ </para>
+
+<programlisting>
+2009-01-23 15:45:11: ((error)) agent_mysqld.c:281: mysql_real_query('INSERT INTO
+mysql.inventory (name, value) VALUES ( 'hostid', 'I'm a test' )') on 'mysql' failed: You
+have an error in your SQL syntax; check the manual that corresponds to your MySQL server
+version for the right syntax to use near 'm a test' )' at line 1 (mysql-errno = 1064)
+</programlisting>
+
+ </message>
+
+ </logentry>
+
+ <logentry entrytype="bug">
+
+ <bugs>
<fixes bugid="43239"/>
</bugs>
| Thread |
|---|
| • svn commit - mysqldoc@docsrva: r14068 - trunk/dynamic-docs/changelog | anthony.bedford | 4 Mar |
