Debian: DSA-212-1 Critical: MySQL Memory Corruption and Code Execution

December 17, 2002
Critical security flaws have been identified in MySQL, prompting immediate action from the Debian developers; information regarding the updates and potential threats is provided.
There are multiple vulnerabilities in mysql.

Summary

Package : mysql
Problem type : multiple problems
Debian-specific: no
CVE references : CAN-2002-1373, CAN-2002-1374, CAN-2002-1375, CAN-2002-1376

While performing an audit of MySQL, e-matters found several problems:

* signed/unsigned problem in COM_TABLE_DUMP
  Two sizes were taken as signed integers from a request and then cast
  to unsigned integers without checking for negative numbers. Since the
  resulting numbers were used for a memcpy() operation, this could lead
  to memory corruption.

* Password length handling in COM_CHANGE_USER
  When re-authenticating to a different user, MySQL did not perform
  all checks that are performed on initial authentication. This created
  two problems:
  * it allowed for single-character password brute forcing (as was fixed in
    February 2000 for initial login), which could be used by a normal user to
    gain root privileges to the database
  * it was possible to overflow the password buffer and force the server
    to execute arbitrary code

* read_rows(...
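
The signed/unsigned pattern described in the COM_TABLE_DUMP item above, as an added example that is not MySQL's or Debian's code: it shows what a negative length becomes once cast to an unsigned size, next to a parse that bounds both lengths before calling memcpy(). The two-field request layout, `NAME_MAX_LEN`, `flawed_length` and `parse_two_names` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64

/* Hypothetical request layout (an assumption, not MySQL's wire format):
 *   [len_a][a bytes...][len_b][b bytes...]   each length is one byte. */

/* The flawed pattern: a length read as signed, then cast to an unsigned
 * size. 0xF0 is read as -16 and converts to a value close to SIZE_MAX.
 * Returned for inspection only; it is never passed to memcpy() here. */
size_t flawed_length(const unsigned char *p)
{
    signed char len = (signed char)p[0];   /* signed read from the request */
    return (size_t)len;                    /* negative -> huge unsigned */
}

/* Hardened parse: read lengths as unsigned and bound each one against the
 * remaining request bytes and the destination buffer before copying.
 * Returns 0 on success, -1 if the request is malformed. */
int parse_two_names(const unsigned char *req, size_t req_len,
                    char a[NAME_MAX_LEN + 1], char b[NAME_MAX_LEN + 1])
{
    size_t off = 0, len_a, len_b;
    if (req_len < 1) return -1;
    len_a = req[off++];
    if (len_a > NAME_MAX_LEN || len_a > req_len - off) return -1;
    memcpy(a, req + off, len_a);
    a[len_a] = '\0';
    off += len_a;
    if (req_len - off < 1) return -1;
    len_b = req[off++];
    if (len_b > NAME_MAX_LEN || len_b > req_len - off) return -1;
    memcpy(b, req + off, len_b);
    b[len_b] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: the first length byte, 0xF0, is negative if signed. */
    const unsigned char bad[] = { 0xF0, 'd', 'b', 3, 't', 'b', 'l' };
    char a[NAME_MAX_LEN + 1], b[NAME_MAX_LEN + 1];
    printf("flawed size: %zu, hardened parse: %d\n",
           flawed_length(bad), parse_two_names(bad, sizeof bad, a, b));
    return 0;
}
```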
