
Debian Lenny DSA-2057-1 Critical: MySQL Remote DoS and Buffer Overflow

June 7, 2010
Debian DSA-2057-1 addresses several vulnerabilities in the MySQL database server on lenny.

Summary

Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2010-1626

MySQL allows local users to delete the data and index files of another
user's MyISAM table via a symlink attack in conjunction with the DROP
TABLE command.


CVE-2010-1848

MySQL failed to check the table name argument of a COM_FIELD_LIST
command packet for validity and compliance with acceptable table name
standards. This allows an authenticated user with SELECT privileges on
one table to obtain the field definitions of any table in all other
databases and potentially of other MySQL instances accessible from the
server's file system.


CVE-2010-1849

MySQL could be tricked into reading packets indefinitely if it received a
packet larger than the maximum size of one packet.
This results in high CPU usage and thus a denial of service condition.


CVE-2010-1850

MySQL was susceptible to a buffer-overflow attack due to a
failure to perform bounds checki...
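
For CVE-2010-1848, the missing check on the COM_FIELD_LIST table name can be illustrated with a small validator. This is an added example, not MySQL's or Debian's patch: the `ex_` names, the 64-byte limit and the rejected character set are assumptions of the example, while the payload layout (command byte 0x04, NUL-terminated table name, then field wildcard) is the COM_FIELD_LIST format of the MySQL client/server protocol.

```c
#include <stdio.h>
#include <string.h>

#define EX_COM_FIELD_LIST 0x04  /* command byte of COM_FIELD_LIST */
#define EX_MAX_NAME 64          /* assumed identifier limit for this example */

/* Example policy: a table name is one plain identifier, never a path. */
static int ex_table_name_ok(const unsigned char *name, size_t len)
{
    if (len == 0 || len > EX_MAX_NAME || name[len - 1] == ' ')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = name[i];
        if (c < 0x20 || c == '/' || c == '\\' || c == '.')
            return 0;   /* control bytes, path separators, dots */
    }
    return 1;
}

/* Payload layout: command byte, NUL-terminated table name, then wildcard.
 * Copies the validated name into out; returns 0 on success, -1 on reject. */
int ex_field_list_table(const unsigned char *p, size_t len,
                        char *out, size_t outsz)
{
    if (p == NULL || len < 2 || p[0] != EX_COM_FIELD_LIST)
        return -1;
    const unsigned char *nul = memchr(p + 1, '\0', len - 1);
    if (nul == NULL)
        return -1;                  /* name not terminated inside the packet */
    size_t nlen = (size_t)(nul - (p + 1));
    if (!ex_table_name_ok(p + 1, nlen) || nlen + 1 > outsz)
        return -1;
    memcpy(out, p + 1, nlen);
    out[nlen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const unsigned char ok[]  = { 0x04, 'o','r','d','e','r','s', 0x00, '%' };
    const unsigned char bad[] = { 0x04, '.','.','/','d','b','/','t', 0x00 };
    char name[EX_MAX_NAME + 1];
    printf("plain name: %d\n", ex_field_list_table(ok, sizeof ok, name, sizeof name));
    printf("path-like name: %d\n", ex_field_list_table(bad, sizeof bad, name, sizeof name));
    return 0;
}
```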


Severity: critical

Package: mysql-dfsg-5.0
