MySQL Vulnerability

Hi

I see there are warnings going out about a basic flaw in the password software used by MySQL. One report claims about 50% of MySQL servers are vulnerable. It seems to be possible for “a brute-force attack to bag the password and gain full root access in a few seconds” - http://www.theregister.co.uk/2012/06/11/mysql_mariadb_password_flaw/

I am running a clean, standard Virtualmin Pro install on CentOS 6. Should I be worried? Is there anything I should check or do?

I run fail2ban on my server; it stops brute-force attacks dead. Before installing it I was receiving thousands of hits a day from brute-force attacks. Now on a very bad day I get 30 or so. You may want to try it.

AllanTI

Sounds good AllanTI - but I think it would be unwise to rely on that alone in a case like this. I use OSSEC HIDS myself and brute-force attacks get stopped (I get a lot from China!). However, whatever such system you use, the attacker still gets a number of chances to have a crack at the password. I think I am right in saying that with this vulnerability the odds are as bad as 1:175. Not odds I like!

What I would like to do is understand what this vulnerability is and protect it ‘at source’ if possible (assuming a VM setup is vulnerable in the first place).

Red Hat has confirmed its Enterprise Linux 4, 5, and 6 are secure.

That means CentOS 6 also.

You could also try ConfigServer Security, which is also available as a Webmin module.

Also, note that the vulnerable distributions have been pushing out an update to fix the MySQL flaw – so making sure that your packages are up to date should prevent any problems regarding that issue.

-Eric