List: General Discussion
From: Jan Steinman
Date: November 13 2010 9:32pm
Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities
> From: "Daevid Vincent" <daevid@stripped>
> 
> my point exactly. there is NONE. and if you don't patch your mysql as
> needed, then you will need a lot more help when you're hacked. ;-p

I note that the impact of every single one of these vulnerabilities was "An authenticated
user could exploit this to make MySQL crash, causing a denial of service."

That's a pretty low threat level. No mention was made of gaining or increasing access, nor
of corrupting data.

First, you need an "authenticated user" who is trying to "exploit" a vulnerability to
cause "denial of service."

If you're allowing a publicly accessible pseudo-user to exploit such vulnerabilities
through script injection, that's YOUR problem!

If an "authenticated user" causes a "MySQL crash" on my system, they get de-authenticated
pretty quickly. :-)

----------------
No rational person can see how using up the topsoil or the fossil fuels as quickly as
possible can provide greater security for the future, but if enough wealth and power can
conjure up the audacity to say that it can, then sheer fantasy is given the force of
truth; the future becomes reckonable as even the past has never been. -- Wendell Berry
:::: Jan Steinman, EcoReality Co-op ::::
