[rt-users] Fetchmail and mysql security problems
Lorens Kockum
rt-id-45 at lists.lorens.org
Sun Dec 15 14:52:17 EST 2002
Slightly off-topic, but I imagine a lot of RT admins get their
mail with fetchmail, a lot from external sources, and some RT
admins might have untrusted mysql users . . . so, as seen on
Vulnwatch (.org) Friday and Saturday, discovered by e-matters
(http://security.e-matters.de):
bug in fetchmail, permitting execution of arbitrary code as
user running fetchmail, exploitable with just a malicious
mail, corrected in fetchmail 6.2.0 released Dec 13 2002
bugs in MySQL, permitting root acces to databases, execution
of arbitrary code as mysqld, malicious server executing code
on clients, denial of service . . . corrected in MySQL 3.23.54
released 12 December 2002.
No exploits released.
Time for an upgrade, people . . .
I'm not certain, but I don't think Debian and RedHat packages have
been updated yet. Maybe by the time you read this!
--
#include <std_disclaim.h> Lorens Kockum
More information about the rt-users
mailing list