Thread-topic: [SA19929] MySQL Information Disclosure and Buffer Overflow Vulnerabilities
>
>
> TITLE:
> MySQL Information Disclosure and Buffer Overflow Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA19929
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Less critical
>
> IMPACT:
> Exposure of sensitive information, System access
>
> WHERE:
> From local network
>
> SOFTWARE:
> MySQL 4.x
>
> MySQL 5.x
>
>
> DESCRIPTION:
> Stefano Di Paola has reported some vulnerabilities in MySQL, which
> can be exploited by malicious users to disclose potentially sensitive
> information and compromise a vulnerable system.
>
> 1) An error within the code that generates an error response to an
> invalid COM_TABLE_DUMP packet can be exploited by an authenticated
> client to disclosure certain memory content of the server process.
>
> The vulnerability has been reported in version 4.0.26, 4.1.18, and
> 5.0.20. Prior versions may also be affected.
>
> 2) A boundary error within the handling of specially crafted invalid
> COM_TABLE_DUMP packets can be exploited by an authenticated client to
> cause a buffer overflow and allows arbitrary code execution.
>
> The vulnerability has been reported in version 5.0.20. Prior versions
> may also be affected.
>
> 3) An error within the handling of malformed login packets can be
> exploited to disclosure certain memory content of the server process
> in the error messages.
>
> The vulnerability has been reported in version 4.0.26, 4.1.18, and
> 5.0.20. Prior versions may also be affected.
>
> SOLUTION:
> Update to the fixed versions.
>
> MySQL 4.x:
> The vulnerability will be fixed in version 4.1.19.
>
> MySQL 5.0.x:
> Update to version 5.0.21.
>
>
> MySQL 5.1.x:
> The vulnerability will be fixed in version 5.1.10.
>
> PROVIDED AND/OR DISCOVERED BY:
> Stefano Di Paola
>
> ORIGINAL ADVISORY:
> MySQL:
>
>
>
>
> Wisec:
>
>
>
>
