Contents

1. Summary
2. Analysis
3. Mitigating factors
4. P.O.C
5. Acknowledgments

Summary

During a code audit performed internally at Percona, we discovered a
viable information disclosure attack when coupled with a MITM attack
in which percona-toolkit and xtrabackup perl components could be
coerced into returning additional MySQL configuration information.
The vulnerability has since been closed.

Timeline

2014-12-16 Initial research, proof of concept exploitation and report completion
2015-01-07 CVE reservation request to Mitre, LP 1408375
2015-01-10 CVE-2015-1027 assigned
2015-01-16 Initial fix code completion, testing against POC verified fix
2015-01-23 Internal notification of …

MySQL is proud to sponsor the Zero to DBA Track at the Southeast Linuxfest next June 11th-14th! Hotel rooms at the conference rate are going very quickly.

So what do you learn at the Zero to DBA sessions? There are two days of presentations from the MySQL and Postgresql communities. The goal of this track was to take novices and turn them into DBAs or at least give novices a good ‘leg up’ in the world. This is a friendly crowd with lots of other non-database sessions and many great non-tech social functions.

Friday
The Proper Care and
Feeding of MySQL for the
Busy Linux Admin
Dave Stokes

The MySQL Ecosystem
Colin Charles

Binary Log Management
Made Easy With MySQL
Utilities
Charles Bell

Scaling MariaDB and MySQL
Max Mether

To …

Percona CEO Peter Zaitsev and Big Data guru Alexander Rubin will be speaking at Meetups along the East Coast next week with stops in Boston (May 11), New York City (May 12), Philadelphia (May 13) and Baltimore (May 14).

Dubbed the “MySQL Whistle-Stop Tour” since they’ll be traveling city to city via Amtrak, Peter will be speaking about last month’s …

Tue, 2015-05-05 06:52rasmusjohansson

Last week, an SSL connection security vulnerability was reported for MySQL and MariaDB. The vulnerability states that since MariaDB and MySQL do not enforce SSL when SSL support is enabled, it is possible to launch Man In The Middle (MITM) attacks. MITM attacks can capture the secure connection and turn it into an unsecure connection, revealing data going back and forth to the server.

Issue resolution in MariaDB is visible through the corresponding ticket in MariaDB’s tracking system (JIRA): https://mariadb.atlassian.net/browse/MDEV-7937

The vulnerability affects the client library of the database server in both MariaDB and MySQL. However, the vulnerability does not affect all the libraries, drivers or connectors for establishing SSL connections with the server.

The vulnerability exists when the …

This article is a part of our Rockstar DBA initiative, a platform for thought leaders to share their knowledge and make a positive contribution towards the database management community.

Manojit Paul, with more than 19 years of professional DBA experience in enterprise database solutions, especially Sybase product set and database infrastructure is our first Rockstar DBA.

Let’s hear from Manojit about how he manages MySQL databases, why he loves MONyog, his advice to young DBA’s and more.

How do you manage your MySQL databases?
We presently have 9 MySQL servers in production trading environment, all being managed via a host of automated scripts which I’ve created and manual intervention when issues are reported. We deploy MONyog for managing 5 of these critical MySQL instances. …

Photo: Ana Rey CC-BY-SA-2.0The “Concurso Universitario de Software Libre” (CUSL, Free Software University Contest), is an initiative similar to the Google Summer of Code, but specifically aimed to the Spanish university and high school students and organized by a group of Free Software University Offices.

As part of the effort to encourage the growth of the free software ecosystem, and introduce young talent to the development of free applications and technologies, DBAHire.com has just become a silver sponsor of the competition, providing resources for the prizes, traveling and accommodation to the …

We are pleased to announce that MySQL Enterprise Monitor 3.0.21 is now available for download on the My Oracle Support (MOS) web site. It will also be available via the Oracle Software Delivery Cloud in a few weeks. This is a maintenance release that includes a few new features and fixes a number of bugs. You can find more information on the contents of this release in the change log.

You will find binaries for the new release on My Oracle Support. Choose the "Patches & Updates" tab, and then choose the "Product or Family (Advanced Search)" side tab in the "Patch Search" portlet.

You will also find the binaries on the Oracle Software Delivery Cloud in a few weeks. Choose "MySQL Database" as the Product Pack and you …

Mon, 2015-04-27 17:52Marc Sherwood

This weekend Team MariaDB attended the 15th annual LinuxFest Northwest. This event has been growing every year, but this year it crossed over to become a HUGE event. There were over 1800 attendees this year, and we had the chance to talk to many of them at our booth and in our talks. Monty talked about what was new in MariaDB 10.1 and Max spoke about Sharding MariaDB and MySQL with Spider. Both of these talks were well attended and had many great questions raised.

The big party, sponsored by Microsoft, was moved from the …

The mysqldump utility lets you 'dump' table contents to text, either for backup purposes or for importing into other databases. mysqldump supports two types of database backup

• Physical backup which preserves only the data, typically in comma separated (CSV) or other delimited text files but also in XML format.
• Logical backup which contains SQL statements that can reproduce table structure, table data or both

To learn about importing and exporting data as well as other key topics for getting started on a MySQL database, take the MySQL for Beginners training course.

You can take this 4-day course through the following formats:

• …