[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] multiple vulnerabilities in MySQL

To: linux-security
Subject: [linux-security] multiple vulnerabilities in MySQL
From: Martin Siegert <siegert@sfu.ca>
Date: Sun, 19 Jan 2003 22:00:31 -0800
User-Agent: Mutt/1.4i

Topic
=====
vulnerabilities in the mysql code can be used to
crash the server or allow MySQL users to gain privileges.

Problem Description
===================
There exist several vulnerabilities in the MySQL code:

A signed integer vulnerability in the COM_TABLE_DUMP package for MySQL
3.x to 3.23.53a allows remote attackers to cause a denial of service
(crash or hang) in mysqld by causing large negative integers to be provided
to a memcpy call.

The COM_CHANGE_USER command in MySQL 3.x to 3.23.53a and 4.x to
4.0.5a allows a remote attacker to gain privileges via a brute force
attack using a one-character password, which causes MySQL to only compare
the provided password against the first character of the real
password.

The COM_CHANGE_USER command in MySQL 3.x to 3.23.53a and 4.x to
4.0.5a allows remote attackers to execute arbitrary code via a long
response.

The MySQL client library (libmysqlclient) in MySQL 3.x to 3.23.53a and 4.x
to 4.0.5a does not properly verify length fields for certain responses
in the read_rows or read_one_row routines, which allows a malicious server
to cause a denial of service and possibly execute arbitrary
code.

Affected Versions
=================
MySQL 3.x prior to 3.23.54 and 4.x prior to 4.0.6

Solution
========
upgrade to version 3.23.54 or 4.0.6 or patched version for your distribution

RedHat 7.0
----------
rpm -Fvh mysql-3.23.54a-3.70.i386.rpm \
         mysql-devel-3.23.54a-3.70.i386.rpm \
         mysql-server-3.23.54a-3.70.i386.rpm \
         mysqlclient9-3.23.22-8.i386.rpm

RedHat 7.1
----------
rpm -Fvh mysql-3.23.54a-3.71.i386.rpm \
         mysql-devel-3.23.54a-3.71.i386.rpm \
         mysql-server-3.23.54a-3.71.i386.rpm \
         mysqlclient9-3.23.22-8.i386.rpm

RedHat 7.2
----------
rpm -Fvh mysql-3.23.54a-3.72.i386.rpm \
         mysql-devel-3.23.54a-3.72.i386.rpm \
         mysql-server-3.23.54a-3.72.i386.rpm \
         mysqlclient9-3.23.22-8.i386.rpm

RedHat 7.3
----------
rpm -Fvh mysql-3.23.54a-3.73.i386.rpm \
         mysql-devel-3.23.54a-3.73.i386.rpm \
         mysql-server-3.23.54a-3.73.i386.rpm \
         mysqlclient9-3.23.22-8.i386.rpm

RedHat 8.0
----------
rpm -Fvh mysql-3.23.54a-4.i386.rpm \
         mysql-devel-3.23.54a-4.i386.rpm \
         mysql-server-3.23.54a-4.i386.rpm

SuSE-7.1
--------
rpm -Fvh mysql-3.23.33-28.i386.rpm \
         mysql-client-3.23.33-28.i386.rpm \
         mysql-devel-3.23.33-28.i386.rpm

SuSE-7.2
--------
rpm -Fvh mysql-3.23.37-58.i386.rpm \
         mysql-client-3.23.37-58.i386.rpm \
         mysql-devel-3.23.37-58.i386.rpm

SuSE-7.3
--------
rpm -Fvh mysql-3.23.44-24.i386.rpm \
         mysql-client-3.23.44-24.i386.rpm \
         mysql-devel-3.23.44-24.i386.rpm
SuSE-8.0
--------
rpm -Fvh mysql-3.23.48-78.i386.rpm \
         mysql-client-3.23.48-78.i386.rpm \
         mysql-devel-3.23.48-78.i386.rpm

SuSE-8.1
--------
rpm -Fvh mysql-3.23.52-44.i386.rpm \
         mysql-client-3.23.52-44.i386.rpm \
         mysql-devel-3.23.52-44.i386.rpm

Mandrake 7.2
------------
rpm -Fvh MySQL-3.23.31-1.3mdk.i586.rpm \
         MySQL-bench-3.23.31-1.3mdk.i586.rpm \
         MySQL-client-3.23.31-1.3mdk.i586.rpm \
         MySQL-devel-3.23.31-1.3mdk.i586.rpm \
         MySQL-shared-3.23.31-1.3mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh MySQL-3.23.36-2.2mdk.i586.rpm \
         MySQL-bench-3.23.36-2.2mdk.i586.rpm \
         MySQL-client-3.23.36-2.2mdk.i586.rpm \
         MySQL-devel-3.23.36-2.2mdk.i586.rpm \
         MySQL-shared-3.23.36-2.2mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh MySQL-3.23.41-5.2mdk.i586.rpm \
         MySQL-bench-3.23.41-5.2mdk.i586.rpm \
         MySQL-client-3.23.41-5.2mdk.i586.rpm \
         MySQL-devel-3.23.41-5.2mdk.i586.rpm \
         MySQL-shared-3.23.41-5.2mdk.i586.rpm

Mandrake 8.2
------------
rpm -Fvh MySQL-3.23.47-5.2mdk.i586.rpm \
         MySQL-bench-3.23.47-5.2mdk.i586.rpm \
         MySQL-client-3.23.47-5.2mdk.i586.rpm \
         MySQL-devel-3.23.47-5.2mdk.i586.rpm \
         MySQL-shared-3.23.47-5.2mdk.i586.rpm

Mandrake 9.0
------------
rpm -Fvh MySQL-3.23.52-1.2mdk.i586.rpm \
         MySQL-Max-3.23.52-1.2mdk.i586.rpm \
         MySQL-bench-3.23.52-1.2mdk.i586.rpm \
         MySQL-client-3.23.52-1.2mdk.i586.rpm \
         libmysql10-3.23.52-1.2mdk.i586.rpm \
         libmysql10-devel-3.23.52-1.2mdk.i586.rpm

Debian 2.2 (potato)
-------------------
upgrade to mysql-server_3.22.32-6.3_i386.deb, 
           mysql-client_3.22.32-6.3_i386.deb

Debian 3.0 (woody)
------------------
upgrade to mysql-server_3.23.49-8.2_i386.deb,
           mysql-client_3.23.49-8.2_i386.deb,
           libmysqlclient10_3.23.49-8.2_i386.deb,
           libmysqlclient10-dev_3.23.49-8.2_i386.deb

Prev by Date: [linux-security] cyrus-imapd remote exploit
Next by Date: [linux-security] local and remote compromises in cups
Prev by thread: [linux-security] local and remote compromises in cups
Next by thread: [linux-security] cyrus-imapd remote exploit
Index(es):
- Date
- Thread