1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to upgrade to MySQL 4.1.9?

Discussion in 'Plesk for Windows - 8.x and Older' started by carlswart, Mar 16, 2005.

  1. carlswart

    carlswart Guest

    0
     
    Have anybody upgraded to MySQL 4.1.9 or later?

    I have received this vulnerability notification:

    Package: MySQL Database Server for Windows
    Auth: http://www.mysql.com/
    Version(s): 4.1.XX/4.0.XX/5.0.XX
    Vulnerability Type: Denial of Service

    Disclaimer:
    ==========

    The information is provided "as is" without warranty of any kind.
    The author of this issue shall not be held liable for any
    downtime, lost profits, or damages due to the informations
    contained in this advisory.

    What's MySQL:
    ============

    MySQL is a multi-user, multi-threaded relational database management system.
    The MySQL database server is the world's most popular open source database.


    Vulnerability Description:
    =========================
    A vulnerability exist in the way application handle requests
    containing reserved MS-DOS devices name (AUX,CON,COM1,LPT1 and PRN).
    This flaw allows an authenticaded user with at least one of those
    privileges globally (on *.*):

    - REFERENCES
    - CREATE TEMPORARY TABLES
    - GRANT OPTION
    - CREATE
    - SELECT

    to cause the service to fail.

    Proof of Concept:
    ================

    1- Create an user account:

    (connected as 'root')

    use mysql;
    INSERT INTO user (Host,User,Password) VALUES('%','customer',PASSWORD('customer'));

    2- Grant to him one or more privileges reported above:

    (connected as 'root')

    GRANT CREATE TEMPORARY TABLES ON *.* TO 'customer'@'%';
    flush privileges;


    3- Connect to server using new account and 'use' the database 'LPT1':

    (connected as 'customer')
    use LPT1;


    Vendor Status:
    =============

    http://bugs.mysql.com/

    ID: 9148
    Updated by: Miguel Solorzano
    Reported by: Luca Ercoli
    User Type: User
    Status: Verified
    Severity: S2 (Serious)
    Category: Server
    Operating System: Windows
    -Version: 4.1.9
    +Version: 4.1.XX/4.0.XX/5.0.XX
     
  2. marcwolf

    marcwolf Guest

    0
     
    If we are taking about Plesk 7.5.+ for WINDOWS!!! then there is a good chance you can do this.. Please test first.

    Last weekendD we had a disasterous upgrade to our Plesk 7.1 system. Sorting throught the mess allowed me to discover the following.

    Plesk 7.5.+ runs 2 copies of MySQL. One for itself and the other for the user databases.

    These are totally seperate and reside in different locations on the HD. The Plesk one is at port 8306 and the users one is at port 3306

    Now - MySQL say you CAN run different copies of MySQL on a system so long as you have different ports, so it is probable that you can install a new version (Say MySQL v5) for your users and let Plesk do its own things with it MySQL 4.1.7 install.

    There are some issues I can see. You might not beable to let your clients create their own ODBC connections or manage their own databases via Plesk (We use a tool SQLYog to do that from a remote machine).

    But if your machine is a fairly closed machine that you manage yourselves with a small number of clients then it makes it a lot easier.

    Just my views.. Please test first

    Dave
     
Loading...