[VulnWatch] Multiple MySQL bugs

From: Rain Forest Puppy (rfp@vulnwatch.org)
Date: 01/22/03

    Date: Wed, 22 Jan 2003 01:03:41 +0000 (GMT)
    From: Rain Forest Puppy <rfp@vulnwatch.org>
    To: vulnwatch@vulnwatch.org
    
    

    http://www.mysql.com/doc/en/News-3.23.54.html

    Below are a few snippets from the MySQL changelog:

    - Fixed a bug, that allowed to crash mysqld with a specially crafted
    packet.

    - Fixed a rare crash (double free'd pointer) when altering a temporary
    table.

    - Fixed buffer overrun in libmysqlclient library that allowed malicious
    MySQL server to crash the client application.

    - Fixed security-related bug in mysql_change_user() handling. All users
    are strongly recommended to upgrade to the version 3.23.54.

    Also of note is that the newly released MySQL 4.1 (alpha) series now has
    support for subselects. That means SQL tampering with MySQL just got more
    interesting, as you can now run additional queries if you craft your SQL
    carefully. Prior to version 4.1 you were only limited to manipulating the
    current query, which usually didn't produce a lot of interesting stuff
    (besides the occasional 'INTO OUTFILE' or '1==1' clauses).

    - rfp
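
Added example, not part of the original post or of MySQL's code: it shows why subselect support matters for queries built by string concatenation, and how a bound parameter neutralizes it. Python's sqlite3 stands in here for a subselect-capable server such as MySQL 4.1 (an assumption); the tables, data and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE accounts (login TEXT, secret TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        INSERT INTO accounts VALUES ('admin', 'constructed-secret');
    """)
    return db


def lookup_concatenated(db, product_id):
    # Vulnerable pattern: the caller's string becomes part of the SQL text,
    # so a subselect in it is parsed and executed by the server.
    sql = "SELECT name FROM products WHERE id = " + product_id
    return db.execute(sql).fetchall()


def lookup_bound(db, product_id):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT name FROM products WHERE id = ?"
    return db.execute(sql, (product_id,)).fetchall()


# Constructed input: a subselect against a table the query never meant to read.
TAMPERED = "(SELECT count(*) FROM accounts)"

if __name__ == "__main__":
    db = make_db()
    # Legitimate input behaves the same either way.
    print(lookup_concatenated(db, "1"), lookup_bound(db, "1"))
    # Concatenation: the result now depends on the accounts table.
    print(lookup_concatenated(db, TAMPERED))
    # Binding: the same string is compared as a literal and matches nothing.
    print(lookup_bound(db, TAMPERED))
```

On a server without subselects the concatenated form would fail to parse the tampered input; with them, the only reliable fix is the bound form.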


