We just had another machine that this weird bug introduced itself onto.
However, I just noticed something interesting; they're both running
mysql-3.23.58. Most of our production servers are 3.23.57 or below. Also,
there was a specific change to 3.23.58 dealing with password handling:

"Fixed buffer overflow in password handling which could potentially be
exploited by MySQL users with ALTER privilege on the mysql.user table to
execute random code or to gain shell access with the UID of the mysqld
process (thanks to Jedi/Sector One for spotting and reporting this bug)."

http://dev.mysql.com/doc/mysql/en/News-3.23.58.html



Atle
-
Flying Crocodile Inc, Junior Unix Systems Administrator

On Mon, 26 Apr 2004, Jeremy Zawodny wrote:

> On Mon, Apr 26, 2004 at 11:27:46AM -0700, MySQL wrote:
> >
> > Hi, I have a FreeBSD 4.9-R server running 3.23.58-log and lately it's been
> > a daily occurrence that mysqld gets so busy that it's unable to authorize
> > connections properly. Our monitoring system will report something like
> > this: "Access denied for user: '<user>@<host>' (Using password: NO)".
> > However, it *is* using a password and when the monitoring system retries
> > it successfully logs in.
> >
> > Is this a known problem? If it's not, it may be possible that it's
> > lingering in later major releases as well. We have no plans to upgrade to
> > the 4.X or 5.X branch anytime soon, this is just a heads up for anyone
> > that cares. :)
>
> Yeah, we've been seeing this bug a bit too.  I'm trying to isolate it
> and figure out if it's a FreeBSD related problem or something more
> MySQL specific.
>
> Are you using FreeBSD's native threads or LinuxThreads?
>
> Jeremy
> --
> Jeremy D. Zawodny     |  Perl, Web, MySQL, Linux Magazine, Yahoo!
> <[EMAIL PROTECTED]>  |  http://jeremy.zawodny.com/
>
> [book] High Performance MySQL -- http://highperformancemysql.com/
>

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
