Posts Tagged ‘Security’

MySQL with yaSSL vulnerability

Posted on 19/1/2010, 9:00 am, by Colin Charles, under MySQL.

It’s worth noting that if you’re using MySQL 5.0/5.1, with SSL enabled, and you’re using yaSSL as opposed to OpenSSL, you’re vulnerable to CVE-2009-4484. Its a buffer overflow, that works over TCP, via the MySQL port, 3306. Lenz furnished us with some information, and the patch is available. You’ll see this rocking when MySQL 5.1.43 gets released.

It affects Debian (presumably, it will also affect Ubuntu). Red Hat/CentOS is spared, because instead of using yaSSL, OpenSSL is used.

MariaDB 5.1.41-rc (based on MySQL 5.1.41) which was just released a few days ago, naturally is also affected. The next release candidate might potentially be rebased against 5.1.42 (the builds are already ready, from what I understand), and will include this patch.

Some yaSSL trivia: did you know that one of the two co-founders of the project, is actually Larry Stefonic? Larry was an early MySQL Ab employee, holding quite a few positions at MySQL Ab; he was the President of MySQL KK (the Japanese branch), and was also SVP for worldwide OEM sales!

Tags: , , ,
Comments Off | Read the rest of this entry »

Secure travelling with ipfw on OS X?

Posted on 27/5/2008, 1:05 am, by Colin Charles, under FreeBSD, MacOSX/Apple, Security.

Dear (mac/bsd) Lazyweb,

Any idea how I can do the following, on Mac OS X?

iptables -t nat -A PREROUTING -p tcp -d my.pop.server –dport 110 -j DNAT –to-destination 127.0.0.1:1235
iptables -t nat -A OUTPUT -p tcp -d my.pop.server –dport 110 -j DNAT –to-destination 127.0.0.1:1235

Does ipfw(8) work in OS X? What magic will I have to use for this to work? All I really want is for my.pop.server:110 to point to localhost:1235, so if the SSH tunnel isn’t up, I can’t POP my mail. I wrote about this in Secure travelling tips with iptables and SSH port forwarding, as that’s what I do on Linux.

Why do I ask? I’m thinking that my personal laptop (currently a Dell Inspiron 640m running Linux) might actually be replaced with a MacBook Air in the near future (lighter, easier to carry, etc.). Oh, if you have comments about the Air, don’t hesitate to tell them to me as well.

Tags: , , , , , , ,
Comments | Read the rest of this entry »
i