Debian: mysql buffer overflow vulnerability

    Date15 Sep 2003
    Posted ByLinuxSecurity Advisories
    MySQL contains a bufferoverflow condition which could be exploited by a user who haspermission to execute "ALTER TABLE" commands on the tables in the"mysql" database.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 381-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Matt Zimmerman
    September 13th, 2003           
    - --------------------------------------------------------------------------
    Package        : mysql
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-0780
    MySQL, a popular relational database system, contains a buffer
    overflow condition which could be exploited by a user who has
    permission to execute "ALTER TABLE" commands on the tables in the
    "mysql" database.  If successfully exploited, this vulnerability
    could allow the attacker to execute arbitrary code with the
    privileges of the mysqld process (by default, user "mysql").  Since
    the "mysql" database is used for MySQL's internal record keeping, by
    default the mysql administrator "root" is the only user with
    permission to alter its tables.
    For the stable distribution (woody) this problem has been fixed in
    version 3.23.49-8.5.
    For the unstable distribution (sid) this problem will be fixed soon.
    Refer to Debian bug #210403.
    We recommend that you update your mysql package.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      886 7107830c1ec314067ce5dc494318d40d
          Size/MD5 checksum:    61337 0a916715c546b6dcab060063b9d35393
          Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a
      Architecture independent components:
          Size/MD5 checksum:    16702 ae5d7baf1bd72226740aff1a5de05af6
          Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6
      Alpha architecture:
          Size/MD5 checksum:   277506 404523a2d8042a221607e6b515f7b9e3
          Size/MD5 checksum:   778546 ba259a789a9079fd64745773833d1912
          Size/MD5 checksum:   163286 7fb3283ba5443e6d34fe1ae8865ae08e
          Size/MD5 checksum:  3634080 35b40744a3e1969697aa32f3d9c01772
      ARM architecture:
          Size/MD5 checksum:   238116 215806b2a8555a4749c81a8b93a4aad3
          Size/MD5 checksum:   634422 fd538ea69c4b07c8b16368dca2b68c55
          Size/MD5 checksum:   123714 729b51321b3dd0803a3f9a0d22d83ffe
          Size/MD5 checksum:  2805762 7334c08c8f9750428dce4e7595e11807
      Intel IA-32 architecture:
          Size/MD5 checksum:   234482 3acfaaccb3b96e8fc570152cc6573440
          Size/MD5 checksum:   576440 2afe39ec84c7a7753e3bd932fb0ea1cc
          Size/MD5 checksum:   122326 85462ed38b0d51a5775356d8a33fe79c
          Size/MD5 checksum:  2800542 aa338ea1e99fe7a577a51d657530485e
      Intel IA-64 architecture:
          Size/MD5 checksum:   314840 c0ce30c7df2a67be46030ef2996f9450
          Size/MD5 checksum:   848376 b8a00feaa674c14be926711b0bcb70dd
          Size/MD5 checksum:   173564 306addac744ed9d76a4b1a3ed2578f6b
          Size/MD5 checksum:  3999942 7f3ee1c27e7f631e1862db0281a76956
      HP Precision architecture:
          Size/MD5 checksum:   280402 e7c21784aa4262e7b87c6e7dd7c106f9
          Size/MD5 checksum:   743498 638190fa05f1b6b4f4accd0078a0db23
          Size/MD5 checksum:   140382 fc6d227a8de9d27d499db2ce57d66630
          Size/MD5 checksum:  3514718 bc700968a2326d266a385c1017e9b7aa
      Motorola 680x0 architecture:
          Size/MD5 checksum:   227458 301ee5a393aede312c0c387fbd8d8f10
          Size/MD5 checksum:   557496 5a3a89901ac58539be03dc9306db3940
          Size/MD5 checksum:   118144 c4a8dadc921151d7baf91e68a1db5619
          Size/MD5 checksum:  2646450 54edc48fc5ba4c963311ef2e280b348e
      Big endian MIPS architecture:
          Size/MD5 checksum:   250720 ee73c018988e1ae8ffcecd0dd8488f45
          Size/MD5 checksum:   688834 cdf66126cd1ff17780b2b47defb7faa5
          Size/MD5 checksum:   133656 2934c95216fd1ff7150d4e271cc5cb6a
          Size/MD5 checksum:  2847598 f500c10cafdb159b41af98c7188b1de2
      Little endian MIPS architecture:
          Size/MD5 checksum:   250390 816858ee19aaa2428eb33a25cf904331
          Size/MD5 checksum:   688154 aae88f8a2d76308a5877d6ae3a738f1e
          Size/MD5 checksum:   134004 5d04ab26e1ebe2be2a9881542b422b92
          Size/MD5 checksum:  2838974 785721f5b59fbee4628d9fcb2fc4c472
      PowerPC architecture:
          Size/MD5 checksum:   247484 3afced55ed34b6eb7466aeb641812251
          Size/MD5 checksum:   652420 d2fe0c7ad97b934c99806b5924395c14
          Size/MD5 checksum:   129212 2b19bdbea7c12ce806606db4b2a54fc2
          Size/MD5 checksum:  2822744 825aba2752f60459586e4eef0b43bfe2
      IBM S/390 architecture:
          Size/MD5 checksum:   249804 90010b1005ec61befbc21bdb3a725e7f
          Size/MD5 checksum:   606890 844d89843417dd94a7a3d60f443708df
          Size/MD5 checksum:   126194 029e8fe65e03c5e6a0d9168d532e0d72
          Size/MD5 checksum:  2690976 55b0a91c74e10f327be3c1edfe18834b
      Sun Sparc architecture:
          Size/MD5 checksum:   241002 3909504647aba0d22e2d13101762cb8e
          Size/MD5 checksum:   615542 72d29f54cd2d0c66e8b6781f947f115c
          Size/MD5 checksum:   130166 9b5e870572608919256b0bb0496d5089
          Size/MD5 checksum:  2939208 ab104dc4342d279713bac3124dfc7b1b
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350


    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.