[ GLSA 200410-22 ] MySQL: Multiple vulnerabilities

From: Thierry Carrez (koon_at_gentoo.org)
Date: 10/24/04

    Date: Sun, 24 Oct 2004 16:29:45 +0200
    To: gentoo-announce@lists.gentoo.org
    
    
    

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200410-22
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Severity: High
         Title: MySQL: Multiple vulnerabilities
          Date: October 24, 2004
          Bugs: #67062
            ID: 200410-22

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Several vulnerabilities including privilege abuse, Denial of Service,
    and potentially remote arbitrary code execution have been discovered
    in MySQL.

    Background
    ==========

    MySQL is a popular open-source, multi-threaded, multi-user SQL database
    server.

    Affected packages
    =================

        -------------------------------------------------------------------
         Package        /   Vulnerable   /                      Unaffected
        -------------------------------------------------------------------
      1  dev-db/mysql        < 4.0.21                            >= 4.0.21

    Description
    ===========

    The following vulnerabilities were found and fixed in MySQL:

    Oleksandr Byelkin found that ALTER TABLE ... RENAME checks
    CREATE/INSERT rights of the old table instead of the new one
    (CAN-2004-0835). Another privilege checking bug allowed users to grant
    rights on a database they had no rights on.

    Dean Ellis found a defect where multiple threads ALTERing the MERGE
    tables to change the UNION could cause the server to crash
    (CAN-2004-0837). Another crash was found in MATCH ... AGAINST() queries
    with a missing closing double quote.

    Finally, a buffer overrun in the mysql_real_connect function was found
    by Lukasz Wojtow (CAN-2004-0836).

    Impact
    ======

    The privilege checking issues could be used by remote users to bypass
    restrictions on their database rights. The two crash issues could be
    exploited by a remote user to perform a Denial of Service attack on the
    MySQL server. The buffer overrun issue could also be exploited as a
    Denial of Service attack, and may allow the execution of arbitrary code
    with the rights of the MySQL daemon (typically, the "mysql" user).

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All MySQL users should upgrade to the latest version:

        # emerge sync

        # emerge -pv ">=dev-db/mysql-4.0.21"
        # emerge ">=dev-db/mysql-4.0.21"
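
A version check against the "Affected packages" table above, added here as an example and not part of the original advisory. The function name `glsa_mysql_status`, the handling of Gentoo `-rN` and pre-release suffixes, and the sample package list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify dev-db/mysql versions against this advisory's table
# (vulnerable: < 4.0.21, unaffected: >= 4.0.21).
FIXED=4.0.21

# Prints "vulnerable", "unaffected" or "unknown" for a version or package name.
glsa_mysql_status() {
    ver=${1#dev-db/}
    ver=${ver#mysql-}
    ver=${ver%-r[0-9]*}          # Gentoo revision suffix (-r1) stays within a version
    pre=0
    case $ver in                 # pre-releases sort before the plain release
        *_alpha*|*_beta*|*_pre*|*_rc*) pre=1; ver=${ver%%_*} ;;
    esac
    case $ver in                 # anything but dotted digits is not judged
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver;   a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $FIXED; b1=$1; b2=$2; b3=$3
    IFS=$old_ifs
    if   [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ] && r=vulnerable || r=unaffected
    elif [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ] && r=vulnerable || r=unaffected
    elif [ "$a3" -ne "$b3" ]; then [ "$a3" -lt "$b3" ] && r=vulnerable || r=unaffected
    elif [ "$pre" -eq 1 ];    then r=vulnerable   # e.g. 4.0.21_rc1 < 4.0.21
    else r=unaffected
    fi
    echo "$r"
}

# Constructed sample inventory (not taken from the advisory).
for pkg in dev-db/mysql-4.0.20-r1 dev-db/mysql-4.0.21 dev-db/mysql-3.23.58 \
           dev-db/mysql-4.0.21_rc1 dev-db/mysql-4.1.7 dev-db/mysql-9999-live; do
    printf '%-28s %s\n' "$pkg" "$(glsa_mysql_status "$pkg")"
done
```

Version strings that are not plain dotted numbers are reported as "unknown" rather than guessed, so they can be reviewed by hand.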

    References
    ==========

      [ 1 ] CAN-2004-0835
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835
      [ 2 ] CAN-2004-0836
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
      [ 3 ] CAN-2004-0837
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
      [ 4 ] Privilege granting bug
            http://bugs.mysql.com/bug.php?id=3933
      [ 5 ] MATCH ... AGAINST crash bug
            http://bugs.mysql.com/bug.php?id=3870

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

      http://security.gentoo.org/glsa/glsa-200410-22.xml

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.

    License
    =======

    Copyright 2004 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/1.0

    
    


