[linux-security] MySQL exploit
- To: linux-security
- Subject: [linux-security] MySQL exploit
- From: Martin Siegert <siegert@sfu.ca>
- Date: Tue, 30 Jan 2001 18:46:16 -0800
- User-Agent: Mutt/1.2i
Topic
=====
Buffer overflow in MySQL allows remote exploit.
Problem Description
===================
A buffer overflow in the MySQL server
leads to a remote exploit. An attacker could gain mysqld
privileges (and thus gain access to all the databases).
Affected Systems
================
All systems with MySQL installed, with versions after 3.23.2 and
prior to 3.23.31.
Solution
========
Upgrade to version 3.23.31.
RedHat 7.0
Shut the database down before upgrading: "service mysqld stop"
rpm -Fvh mysql-3.23.32-1.7.i386.rpm mysql-devel-3.23.32-1.7.i386.rpm mysql-server-3.23.32-1.7.i386.rpm mysqlclient9-3.23.22-3.i386.rpm
Then restart the database server.
Debian 2.2 (potato)
upgrade to mysql-client_3.22.32-4_i386.deb
and mysql-server_3.22.32-4_i386.deb
Mandrake 7.1
rpm -Fvh MySQL-3.22.32-5.1mdk.i586.rpm MySQL-bench-3.22.32-5.1mdk.i586.rpm MySQL-client-3.22.32-5.1mdk.i586.rpm MySQL-devel-3.22.32-5.1mdk.i586.rpm MySQL-shared-libs-3.22.32-5.1mdk.i586
Mandrake 7.2
rpm -Fvh MySQL-3.23.31-1.1mdk.i586.rpm MySQL-bench-3.23.31-1.1mdk.i586.rpm MySQL-client-3.23.31-1.1mdk.i586.rpm MySQL-devel-3.23.31-1.1mdk.i586.rpm MySQL-shared-3.23.31-1.1mdk.i586.rpm
Caldera OpenLinux eDesktop 2.3.1
rpm -F mysql-devel-3.22.32-3S.i386.rpm
rpm -F mysql-bench-3.22.32-3S.i386.rpm
rpm -F --force mysql-client-3.22.32-3S.i386.rpm
rpm -F mysql-3.22.32-3S.i386.rpm
Caldera OpenLinux eDesktop 2.4
rpm -F mysql-devel-3.22.32-3.i386.rpm
rpm -F mysql-bench-3.22.32-3.i386.rpm
rpm -F --force mysql-client-3.22.32-3.i386.rpm
rpm -F mysql-3.22.32-3.i386.rpm
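
Added example (not part of the original advisory): a shell check for the affected range stated under "Affected Systems", versions after 3.23.2 and prior to 3.23.31. The function names, the sample lines and the "mysqld --version" line format they rely on are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Affected range as stated there:
# versions after 3.23.2 and prior to 3.23.31 (both bounds exclusive).

# mysql_affected VERSION -> 0 affected, 1 not affected, 2 unparsable
mysql_affected() {
    case $1 in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    # awk's "+0" keeps the leading digits, so "31-log" -> 31 and "22a" -> 22.
    awk -v v="$1" 'BEGIN {
        split(v, p, ".")
        k = (p[1] + 0) * 1000000 + (p[2] + 0) * 1000 + (p[3] + 0)
        exit !(k > 3023002 && k < 3023031)
    }'
}

# extract_version: read a "mysqld --version" line on stdin, print the version.
# Assumed line format: "<path>mysqld  Ver <version> for <os> on <arch>".
extract_version() {
    sed -n 's/^.*mysqld  *Ver  *\([0-9][^ ]*\).*$/\1/p'
}

# classify LINE -> "affected <ver>", "not-affected <ver>" or "unknown"
classify() {
    ver=$(printf '%s\n' "$1" | extract_version)
    rc=0
    mysql_affected "$ver" || rc=$?
    case $rc in
        0) echo "affected $ver" ;;
        1) echo "not-affected $ver" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample lines; on a real host pass "$(mysqld --version)" instead.
while IFS= read -r line; do
    classify "$line"
done <<'EOF'
/usr/libexec/mysqld  Ver 3.23.22a for pc-linux-gnu on i686
/usr/sbin/mysqld  Ver 3.23.31-log for pc-linux-gnu on i686
/usr/sbin/mysqld  Ver 3.22.32 for pc-linux-gnu on i686
EOF
```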