
[linux-security] MySQL DoS and local root exploits



Topic
=====
local root exploit and DoS attack against MySQL

Problem Description
===================
MySQL is a multi-user, multi-threaded SQL database server.

The MySQL package contains a bug whereby dynamically allocated memory is
freed more than once, which could be deliberately triggered by an attacker
to cause a crash, resulting in a denial of service condition.

MySQL 3.23.55 and earlier creates world-writable files and allows mysql
users to gain root privileges by using the "SELECT * INTO OUTFILE" operator
to overwrite a configuration file and cause mysql to run as root (or any
other user) upon restart.

Affected Versions
=================
mysql versions 3.23.55 and earlier

Solution
========
upgrade to 3.23.56 (or patched version for your distribution)

RedHat 7.1
----------
rpm -Fvh mysql-3.23.56-1.71.i386.rpm \
         mysql-server-3.23.56-1.71.i386.rpm \
         mysql-devel-3.23.56-1.71.i386.rpm

RedHat 7.2
----------
rpm -Fvh mysql-3.23.56-1.72.i386.rpm \
         mysql-server-3.23.56-1.72.i386.rpm \
         mysql-devel-3.23.56-1.72.i386.rpm

RedHat 7.3
----------
rpm -Fvh mysql-3.23.56-1.73.i386.rpm \
         mysql-server-3.23.56-1.73.i386.rpm \
         mysql-devel-3.23.56-1.73.i386.rpm

RedHat 8.0
----------
rpm -Fvh mysql-3.23.56-1.80.i386.rpm \
         mysql-server-3.23.56-1.80.i386.rpm \
         mysql-devel-3.23.56-1.80.i386.rpm

RedHat 9
--------
rpm -Fvh mysql-3.23.56-1.9.i386.rpm \
         mysql-server-3.23.56-1.9.i386.rpm \
         mysql-devel-3.23.56-1.9.i386.rpm

Mandrake 8.2
------------
rpm -Fvh MySQL-3.23.47-5.4mdk.i586.rpm \
         MySQL-bench-3.23.47-5.4mdk.i586.rpm \
         MySQL-client-3.23.47-5.4mdk.i586.rpm \
         libmysql10-3.23.47-5.4mdk.i586.rpm \
         libmysql10-devel-3.23.47-5.4mdk.i586.rpm

Mandrake 9.0
------------
rpm -Fvh MySQL-3.23.56-1.3mdk.i586.rpm \
         MySQL-Max-3.23.56-1.3mdk.i586.rpm \
         MySQL-bench-3.23.56-1.3mdk.i586.rpm \
         MySQL-client-3.23.56-1.3mdk.i586.rpm \
         libmysql10-3.23.56-1.3mdk.i586.rpm \
         libmysql10-devel-3.23.56-1.3mdk.i586.rpm

Debian 2.2 (potato)
-------------------
upgrade to mysql-client_3.22.32-6.4_i386.deb,
           mysql-server_3.22.32-6.4_i386.deb

Debian 3.0 (woody)
------------------
upgrade to mysql-client_3.23.49-8.4_i386.deb,
           mysql-server_3.23.49-8.4_i386.deb,
           libmysqlclient10_3.23.49-8.4_i386.deb,
           libmysqlclient10-dev_3.23.49-8.4_i386.deb
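
Added example (not part of the original advisory): a shell audit for the two
conditions described under Problem Description, world-writable files in the
data directory and an option file whose [mysqld] section sets user=root. The
data directory and option-file paths are supplied by the caller, and the
function names are illustrative.

```shell
#!/bin/sh
# Added example: audit for the two conditions described in the advisory.
# All paths are supplied by the caller (assumption: you know your datadir
# and option-file locations); function names are illustrative.

# List regular files under directory $1 that any local user may write to.
world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null
}

# Print the last "user" value set in the [mysqld] section of option file $1.
mysqld_user() {
    awk '
        /^[ \t]*\[/ { in_sect = ($0 ~ /^[ \t]*\[mysqld\][ \t\r]*$/); next }
        in_sect && /^[ \t]*user[ \t]*=/ {
            sub(/^[ \t]*user[ \t]*=[ \t]*/, "")   # drop the option name
            sub(/[ \t]*#.*$/, "")                 # drop a trailing comment
            sub(/[ \t\r]+$/, "")                  # drop trailing blanks
            u = $0
        }
        END { if (u != "") print u }
    ' "$1"
}

# Return 1 (and report) if option file $1 is world-writable or sets user=root.
audit_option_file() {
    f=$1; rc=0
    [ -f "$f" ] || return 0
    if [ -n "$(find "$f" -prune -perm -0002)" ]; then
        echo "WORLD-WRITABLE: $f"; rc=1
    fi
    if [ "$(mysqld_user "$f")" = "root" ]; then
        echo "RUNS-AS-ROOT: $f sets user=root in [mysqld]"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh DATADIR OPTION_FILE...
if [ "$#" -gt 0 ]; then
    datadir=$1; shift
    status=0
    ww=$(world_writable_files "$datadir")
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WORLD-WRITABLE: /'; status=1
    fi
    for cnf in "$@"; do audit_option_file "$cnf" || status=1; done
    exit $status
fi
```

A non-zero exit status means at least one finding was reported.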