Password flaw leaves MySQL open to brute force attack


Post by PharCyder » Tue Jun 12, 2012 3:17 pm

Http://www.theregister.co.uk/2012/06/11 ... word_flaw/

I would imagine that we're vulnerable too. :?

Re: Password flaw leaves MySQL open to brute force attack

Post by pwilson » Tue Jun 12, 2012 5:14 pm

PharCyder wrote: Http://www.theregister.co.uk/2012/06/11/mysql_mariadb_password_flaw/

I would imagine that we're vulnerable too. :?


Surely the risk of external attack can be resolved by simply not allowing access to port 3306 on the WAN port of the router, and not forwarding traffic that arrives from external IPs to the MySQL server.

This wouldn't protect from internal attacks on the LAN tho'.

Patrick.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-419P+ w/ 4 * Seagate Barracuda 2TB 5900rpm (RAID5) - FW: 3.8.1 Build 20121205

Re: Password flaw leaves MySQL open to brute force attack

Post by forkless » Tue Jun 12, 2012 11:54 pm

That and we don't exactly know how MySQL was compiled. It seems that only versions that don't use the included memcmp library function (e.g. via glibc offered by the OS) are affected. Would be nice if we could get some confirmation from QNAP though.
TS-219P+ II
TS-809 PRO
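
Added example (not part of the thread, and not MySQL or QNAP code) illustrating why the memcmp implementation a binary is built against can matter, as forkless notes above: C specifies only the sign of memcmp's result, so code that narrows it to a one-byte flag can read some mismatches as a match. The names flag_t, wide_memcmp, token_ok_weak and token_ok_fixed are hypothetical, and wide_memcmp is a constructed stand-in for a library whose nonzero results have a zero low byte.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical one-byte flag type, as used by code that stores booleans in a char. */
typedef unsigned char flag_t;

typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Constructed comparator. It is a conforming memcmp-style function (the C
 * standard fixes only the sign of the result), but its nonzero results are
 * multiples of 256, so their low byte is always 0. */
int wide_memcmp(const void *a, const void *b, size_t n)
{
    const unsigned char *x = a, *y = b;
    for (size_t i = 0; i < n; i++)
        if (x[i] != y[i])
            return ((int)x[i] - (int)y[i]) * 256;
    return 0;
}

/* Weak pattern: the int result is narrowed to one byte before being tested. */
int token_ok_weak(cmp_fn cmp, const void *got, const void *want, size_t n)
{
    flag_t mismatch = (flag_t)cmp(got, want, n);   /* 256 becomes 0 */
    return mismatch == 0;
}

/* Hardened pattern: compare the full int against 0, then store the boolean. */
int token_ok_fixed(cmp_fn cmp, const void *got, const void *want, size_t n)
{
    flag_t mismatch = (flag_t)(cmp(got, want, n) != 0);
    return mismatch == 0;
}

int main(void)
{
    const char want[] = "abc", bad[] = "abd";      /* constructed sample tokens */
    printf("weak,  wide cmp, wrong token: %d\n", token_ok_weak(wide_memcmp, bad, want, 3));
    printf("fixed, wide cmp, wrong token: %d\n", token_ok_fixed(wide_memcmp, bad, want, 3));
    printf("fixed, libc cmp, right token: %d\n", token_ok_fixed(memcmp, want, want, 3));
    return 0;
}
```

The same source is safe or unsafe depending on which comparator it is linked against, which is why the build details of the shipped binary matter.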

