For all you MySQL fans out there, batten down the hatches...

Title: Multiple Remote 0-Day Attacks Against MySQL Databases

Description: A slew of remotely exploitable bugs in MySQL were released by security researcher KingCope on the Full-Disclosure mailing list over the weekend, with exploits including buffer overflows, user enumeration techniques, and denial-of-service attacks. As no patches are currently available, some of the issues target default configurations, and exploits are already circulating in the wild, system administrators are urged to lock down access to their database systems to only authorized users wherever possible as a mitigation until patches become available.

Reference:
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089025.html
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089027.html
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089023.html
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089022.html
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089026.html
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089024.html
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089020.html

Snort SID: 24897
ClamAV: N/A
-- rk