Root exploit in MySQL 3.23 < .56?

From: Steve Linberg (slinberg_at_crocker.com)
Date: 05/06/03


Date: Tue, 06 May 2003 00:36:36 GMT

Just got a message from the Red Hat update thingy saying a remote root
exploit has been found for MySQL 3.23, all versions below the most
recent (.56).

I'm rebuilding on several servers right now, but I'm a little surprised
that this doesn't seem to be under discussion in the usual places you'd
expect to see references to a problem as widespread and presumably
dangerous as this one. A LOT of people use MySQL 3.23.x and everybody
is supposed to upgrade, apparently.

The only information out there that I can find is thin so far:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0150

Anybody have more? Am I misunderstanding this?

Text of the Red Hat message follows:

=====================================================================

Red Hat Network has determined that the following advisory is applicable
to one or more of the systems you have registered:

Complete information about this errata can be found at the following location:
     https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1625

Security Advisory - RHSA-2003:093-14
-----------------------------------------------------------------------------
Summary:
Updated MySQL packages fix vulnerabilities

Updated MySQL server packages fix both a double-free security
vulnerability and a root exploit security vulnerability.

[Updated 1 May 2003]
Added updated packages for Red Hat Linux 9, which is vulnerable to
CAN-2003-0150.

Description:
MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version 3.23.55,
allows attackers with MySQL access to cause a denial of service (crash)
by creating a carefully crafted client application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0073 to this issue.

MySQL 3.23.55 and earlier creates world-writable files and allows mysql
users to gain root privileges by using the "SELECT * INTO OUTFILE"
operator to overwrite a configuration file and cause mysql to run as root
upon restart. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0150 to this issue.

All users are advised to upgrade to MySQL 3.23.56 contained within this
errata which is not vulnerable to these issues.

In addition to the security fixes, these errata packages contain a
thread-safe client library (libmysqlclient_r).

References:
http://www.mysql.com/doc/en/News-3.23.55.html
http://www.mysql.com/doc/en/News-3.23.56.html
-----------------------------------------------------------------
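An added host check for the conditions the advisory describes; this is example code written for this page, not something from the post or from Red Hat. The CAN-2003-0150 chain as the advisory states it has three preconditions you can observe on a box: a mysqld older than 3.23.56, world-writable files under the data directory (what lets a mysql user plant a file there), and a configuration file whose [mysqld] section says user=root so that the next restart runs the daemon as root. The script audits for each of them. The data directory and my.cnf paths are assumptions you pass in, and the demo at the end builds its own constructed sample tree rather than touching a real server.

```shell
#!/bin/sh
# Added audit example, not from the post or the Red Hat advisory.
# Checks a host for the conditions CAN-2003-0150 relies on, as the
# advisory describes them: a mysqld older than 3.23.56, world-writable
# files under the data directory, and a configuration file that asks
# mysqld to run as root on its next restart. All paths are assumptions.

# Returns 0 (true) when $1 is a 3.23 release below .56; other branches
# are outside this advisory and return 1.
mysql_version_affected() {
    v=${1%%-*}                       # "3.23.54-log" -> "3.23.54"
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;              # bare "3.23": treat as oldest
    esac
    patch=${patch%%[!0-9]*}          # drop any trailing text
    case "$major.$minor" in
        3.23) [ "${patch:-0}" -lt 56 ] ;;
        *)    return 1 ;;
    esac
}

# Lists regular files under $1 that anyone can write. The advisory's
# "creates world-writable files" is what lets a local user plant one.
world_writable_under() {
    find "$1" -type f -perm -0002 2>/dev/null
}

# Returns 0 when the [mysqld] section of config file $1 sets user=root,
# the setting that makes mysqld start as root on restart.
cnf_runs_as_root() {
    awk '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_mysqld && /^[ \t]*user[ \t]*=[ \t]*root[ \t]*$/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1" 2>/dev/null
}

# Informational: is a running mysqld owned by root? ps output varies
# between systems, so treat this as a hint rather than a verdict.
mysqld_running_as_root() {
    ps -eo user=,comm= 2>/dev/null |
        awk '$1 == "root" && $2 ~ /mysqld/ { hit = 1 } END { exit hit ? 0 : 1 }'
}

# One report per host: version string, data directory, config file.
# Prints each finding and returns the number of findings (0 = clean).
audit_mysql_host() {
    ver=$1; datadir=$2; cnf=$3; findings=0
    if mysql_version_affected "$ver"; then
        echo "AFFECTED: $ver is below 3.23.56 (CAN-2003-0150, CAN-2003-0073); upgrade"
        findings=$((findings + 1))
    fi
    ww=$(world_writable_under "$datadir")
    if [ -n "$ww" ]; then
        echo "WORLD-WRITABLE under $datadir:"
        echo "$ww" | sed 's/^/  /'
        findings=$((findings + 1))
    fi
    if [ -f "$cnf" ] && cnf_runs_as_root "$cnf"; then
        echo "ROOT: $cnf sets user=root in [mysqld]; next restart runs mysqld as root"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on a constructed sample tree (no server needed): a planted,
# world-writable my.cnf inside the data directory of a 3.23.54 install.
demo=$(mktemp -d)
mkdir -p "$demo/datadir"
printf '[mysqld]\nuser=root\n' > "$demo/datadir/my.cnf"
chmod 666 "$demo/datadir/my.cnf"
audit_mysql_host "3.23.54-log" "$demo/datadir" "$demo/datadir/my.cnf" \
    || echo "findings: $?"
rm -rf "$demo"
```

On a real host, source the file and call `audit_mysql_host` with the version string from `mysqladmin version`, the server's data directory, and the my.cnf it actually reads. A nonzero finding count does not prove anyone has used the hole; it only shows that the preconditions the advisory lists are present, and the fix is the one the advisory gives, upgrading to 3.23.56.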


