Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: lnx5010.htm

MySQL in Connectiva Linux package leaks user/pass information



18th Jan 2002 [SBWID-5010]
COMMAND

	MySQL in Connectiva Linux package leaks user/pass information

SYSTEMS AFFECTED

	Conectiva Linux 6.0

PROBLEM

	In Connectiva Linux report :
	

	The package shipped with Conectiva Linux 6.0 and older logs  by  default
	all queries made to  the  database  to  the  /var/log/mysql  file.  This
	includes user creation, password changes  via  SQL  commands  and  other
	queries. Our package incorrectly leaves the permissions of this file  as
	world-readable (0644), thus allowing any user on the  system  access  to
	potentially sensitive information.

SOLUTION

	Either :
	

	chmod 600 /var/log/mysql*

	chown mysql.mysql /var/log/mysql*

	

	Or update from :
	

	ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/MySQL-3.23.36-14U50_1cl.src.rpm

	ftp://atualizacoes.conectiva.com.br/5.0/i386/MySQL-3.23.36-14U50_1cl.i386.rpm

	ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/MySQL-3.23.36-14U51_1cl.src.rpm

	ftp://atualizacoes.conectiva.com.br/5.1/i386/MySQL-3.23.36-14U51_1cl.i386.rpm

	ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/MySQL-3.23.36-14U60_1cl.src.rpm

	ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-3.23.36-14U60_1cl.i386.rpm

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH