From owner-doc-jp@jp.freebsd.org  Mon Mar  6 14:25:58 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id OAA57226;
	Mon, 6 Mar 2000 14:25:58 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from TYO203.gate.nec.co.jp (TYO203.gate.nec.co.jp [202.32.8.211])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id OAA57221
	for <doc-jp@jp.freebsd.org>; Mon, 6 Mar 2000 14:25:58 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: from mailsv.nec.co.jp (mailsv-le1 [192.168.1.90])
	by TYO203.gate.nec.co.jp (8.9.3/3.7W99122211) with ESMTP id OAA19676
	for <doc-jp@jp.freebsd.org>; Mon, 6 Mar 2000 14:25:57 +0900 (JST)
Received: from mmssv.mms.mt.nec.co.jp (mmssv.mms.mt.nec.co.jp [133.201.63.216]) by mailsv.nec.co.jp (8.9.3/3.7W-MAILSV-NEC) with ESMTP
	id OAA18413 for <doc-jp@jp.freebsd.org>; Mon, 6 Mar 2000 14:25:56 +0900 (JST)
Received: from koga.do.mms.mt.nec.co.jp (koga.do.mms.mt.nec.co.jp [10.16.5.16]) by mmssv.mms.mt.nec.co.jp (8.8.4+2.7Wbeta4/3.4W3MMS96052011) with ESMTP id OAA05842 for <doc-jp@jp.freebsd.org>; Mon, 6 Mar 2000 14:22:54 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by koga.do.mms.mt.nec.co.jp (8.9.3/3.7W-00011917) with ESMTP id OAA02537;
	Mon, 6 Mar 2000 14:25:53 +0900 (JST)
Message-Id: <200003060525.OAA02537@koga.do.mms.mt.nec.co.jp>
To: doc-jp@jp.freebsd.org
In-Reply-To: <200002291849.DAA16117@mail.geocities.co.jp>
References: <20000229052646.6291337BA3B@hub.freebsd.org>
	<200002291849.DAA16117@mail.geocities.co.jp>
X-Mailer: Mew version 1.94.2 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Mon, 06 Mar 2000 14:25:51 +0900 (JST)
From: Koga Youichirou <y-koga@jp.freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Lines: 34
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 7130
Subject: [doc-jp 7130] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:05.mysql322-server
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

Hiroki Sato <hrs@geocities.co.jp>:
>  SA-00:05.mysql322-server $B$NF|K\8lLu$G$9!#(B

$B$Q$A$Q$A$Q$A!y(B

> =============================================================================
> FreeBSD-SA-00:05                                           Security Advisory
>                                                                 FreeBSD, Inc.
> 
> $B%H%T%C%/(B:       MySQL allows bypassing of password authentication
$B!D(B $B$5$/$C$HN,(B $B!D(B
> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> The MySQL database server (versions prior to 3.22.32) has a flaw in the
> password authentication mechanism which allows anyone who can connect to
> the server to access databases without requiring a password, given a valid
> username on the database - in other words, the normal password
> authentication mechanism can be completely bypassed.
> 
> MySQL $B%G!<%?%Y!<%9%5!<%P(B(3.22.32 $B$h$jA0$N%P!<%8%g%s(B)$B$K$O(B, 
> $B%Q%9%o!<%IG'>Z5!9=$K%;%-%e%j%F%#>e$N7g4Y$,$"$k$?$a(B, 
> $B%5!<%P$K@\B3$G$-$k?M$OC/$G$b(B, $B%G!<%?%Y!<%9$GM-8z$J%f!<%6L>$5$(F~NO$9$l$P(B, 
> $B%Q%9%o!<%I$rMW5a$5$l$k$3$H$J$/%"%/%;%9$,2DG=$G$9(B. $B$3$l$O$D$^$j(B, $BDL>o$N(B
> $B%Q%9%o!<%IG'>Z5!9=$r40A4$K%P%$%Q%9$9$k$3$H$,$G$-$k$H$$$&$3$H$G$9(B.  

$B$s!<$H!"$3$3$O%;%-%e%j%F%#>e$N7g4Y$,$"$k$3$H!"$*$h$S$=$NFbMF$N@bL@$r$7(B
$B$F$$$k$N$G$"$C$F!"%;%-%e%j%F%#>e$N7g4Y$N1F6A$r@bL@$7$F$$$k$s$8$c$J$$$G(B
$B$9!#$G$9$+$i!"!V%;%-%e%j%F%#>e$N7g4Y$,$"$k$?$a!W$8$c$J$/$F!V!D$H$$$&%;(B
$B%-%e%j%F%#>e$N7g4Y$,$"$j$^$9!W$G$9$M!#$"$k$$$O!"!V%;%-%e%j%F%#>e$N7g4Y(B
$B$,$"$j$^$9!#$=$l$O!D!W$H$$$C$?46$8$G$7$g$&$+!#(B

$B$"$H$O!"BgBN$$$$$s$8$c$J$$$+$J$!!#(B
----
$B$3$,$h$&$$$A$m$&(B
