[VulnWatch] Multiple MySQL bugs

From: Rain Forest Puppy (rfp@vulnwatch.org)
Date: 01/22/03

  • Next message: Alex Loots: "[VulnWatch] IE chain vulnerability"
    Date: Wed, 22 Jan 2003 01:03:41 +0000 (GMT)
    From: Rain Forest Puppy <rfp@vulnwatch.org>
    To: vulnwatch@vulnwatch.org
    
    

    http://www.mysql.com/doc/en/News-3.23.54.html

    Below is a few snippets from the MySQL changelog:

    - Fixed a bug, that allowed to crash mysqld with a specially crafted
    packet.

    - Fixed a rare crash (double free'd pointer) when altering a temporary
    table.

    - Fixed buffer overrun in libmysqlclient library that allowed malicious
    MySQL server to crash the client application.

    - Fixed security-related bug in mysql_change_user() handling. All users
    are strongly recommended to upgrade to the version 3.23.54.

    Also of note is that the newly released MySQL 4.1 (alpha) series now has
    support for subselects. That means SQL tampering with MySQL just got more
    interesting, as you can now run additional queries if you craft your SQL
    carefully. Prior to version 4.1 you were only limited to manipulated the
    current query, which usually didn't produce a lot of interesting stuff
    (besides the occasional 'INTO OUTFILE' or '1==1' clauses).

    - rfp