MySQL 취약점 보고가 떳습니다.
관련 내용 첨부 :
A few days ago Sergei Golubchik of Monty Program sent an e-mail to the Open Source Security mailing list informing about a security vulnerability in MySQL authentication system. Under certain circumstances a remote attacker may easily gain access to MySQL database as any user and all they need to know is a valid user name (e.g. root user exists in nearly all installations). The problem has only been addressed in the most recent database versions.
The full details are covered in Sergei’s post linked above. Not all MySQL releases are affected as the cause appears to be related to the build environment and the options used in the binary build process. For instance binaries distributed by Oracle appear to be safe as well as those available from RedHat’s repository.
We encourage you to test this against your database if you’re running MySQL versions up to 5.1.61 or 5.5.22 to see whether you need to upgrade or not. The test can be done with a simple line that can be run in bash:
for i in `seq 1 2000`; do mysql -u root --password=somerandomcharacters -h 127.0.0.1 ; done
Remember that following even the basic security practices can often save you from getting your database hacked after a new vulnerability is published:
- never let MySQL to listen on a network interface accessible from the internet (set bind-address in my.cnf if necessary)
- build firewall rules to filter out any addresses that do not require database access
- always create a new privileged MySQL user under a different name to replace the default root account and remove root afterwards
- remove test account that is installed by default
- upgrade database as soon as possible after a new vulnerability is published
Original Source : http://planet.mysql.com/entry/?id=33544
위의 내용에 해당 하는 서버는 위의 내용대로 적용 하시기 바랍니다.
Red Hat BugZilla : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2122
Debian : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677018
Ubuntu : http://www.ubuntu.com/usn/usn-1467-1/
The Hackers News : http://thehackernews.com/2012/06/cve-2012-2122-serious-mysql.html
Youtube : http://www.youtube.com/watch?v=B_3BpxXv7bU&feature=related
CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL
'프로그램개발 > DB(MySQL,MariaDB,MongoDB)' 카테고리의 다른 글
| Mysql Join 해부(Left, Right, Outer, Inner Join) (0) | 2016.02.11 |
|---|---|
| MySQL 중복제거 쿼리 (0) | 2015.06.17 |
| MySQL root 패스워드 분실시 (0) | 2014.06.24 |
| SQL문 작성시 속도를 고려하여 작성하기... (0) | 2014.04.30 |
| MySQL JOIN 잘 정리한 이미지 (0) | 2014.02.06 |
