[Immunix-announce] Immunix Secured OS 7+ MySQL update

From: WireX Security Team (securityat_private)
Date: Thu Apr 10 2003 - 00:16:12 PDT


    -----------------------------------------------------------------------
    	Immunix Secured OS Security Advisory
    
    Packages updated:	mysql
    			mysqlclient9
    Affected products:	7+
    Bugs fixed:		CAN-2002-1373
    			CAN-2002-1374
    			CAN-2002-1375
    			CAN-2002-1376
    Date:			Tue Apr  8 2003
    Advisory ID:		IMNX-2003-7+-008-01
    Author:			Alan Olsen
    -----------------------------------------------------------------------
    
    Description:
      There have been a number of vulnerabilities found in MySQL and the MySQL 
      Client package.
      
      Unfortunately, Immunix does not protect against all of these problems.
      Our recommendation is to upgrade these packages immediately.
      
      CAN-2002-1373
      Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 
      3.23.x before 3.23.54 allows remote attackers to cause a denial of service 
      (crash or hang) in mysqld by causing large negative integers to be 
      provided to a memcpy call.
      
      CAN-2002-1374
      The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 
      4.0.6, allows remote attackers to gain privileges via a brute force attack 
      using a one-character password, which causes MySQL to only compare the 
      provided password against the first character of the real password.
      
      CAN-2002-1375
      The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, 
      allows remote attackers to execute arbitrary code via a long response.
      
      CAN-2002-1376
      libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, 
      does not properly verify length fields for certain responses in the (1) 
      read_rows or (2) read_one_row routines, which allows remote attackers to 
      cause a denial of service and possibly execute arbitrary code.
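      The four items above share one root cause: a length taken from the network is trusted
      before it reaches a copy or a compare. The following is an added illustration, not
      MySQL's source and not part of the advisory, of the signed-length check that lets a
      negative value through (CAN-2002-1373) beside a reader that bounds the length against
      both the destination buffer and the bytes actually present in the packet (the check
      missing from read_rows/read_one_row in CAN-2002-1376). The packet layout, field names
      and FIELD_MAX value are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: a row reader that takes a 4-byte little-endian
 * length from an untrusted packet and copies that many bytes into a
 * fixed buffer.  Layout and sizes are invented for illustration. */
#define FIELD_MAX 64

/* The flawed shape: the length lives in a signed int and is compared only
 * against the upper bound.  -1 < 64 holds, so a negative length passes;
 * handed to memcpy it would be converted to a huge size_t. */
int naive_length_ok(int len)
{
    return len < FIELD_MAX;
}

/* Hardened reader: the length is read as unsigned and must fit both the
 * destination and what is left of the packet before memcpy runs.
 * Returns the field length on success, a negative code on rejection. */
int read_field(const uint8_t *pkt, size_t pktlen, size_t off,
               uint8_t *dst, size_t dstlen, size_t *used)
{
    uint32_t len;

    if (pktlen < off || pktlen - off < 4)
        return -1;                      /* no room for the length field */

    len = (uint32_t)pkt[off] | ((uint32_t)pkt[off + 1] << 8) |
          ((uint32_t)pkt[off + 2] << 16) | ((uint32_t)pkt[off + 3] << 24);
    off += 4;

    if (len > dstlen)
        return -2;                      /* would overflow the destination */
    if (len > pktlen - off)
        return -3;                      /* claims more bytes than the packet carries */

    memcpy(dst, pkt + off, len);        /* len is now bounded on both sides */
    *used = 4 + len;
    return (int)len;
}
```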
      
      
    Package names and locations:
      Precompiled binary packages for Immunix 7+ are available at:
    
      http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysql-3.23.54a-3.70_imnx_1.i386.rpm
      http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysql-devel-3.23.54a-3.70_imnx_1.i386.rpm
      http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysql-server-3.23.54a-3.70_imnx_1.i386.rpm
      http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysqlclient9-3.23.22-8_imnx_1.i386.rpm
    
    Immunix OS 7+ md5sums:
      6663ff1a67627810d06c82f667f199fc  mysql-3.23.54a-3.70_imnx_1.i386.rpm
      997db1d0e02aabc1da5aac79f3120e2e  mysql-devel-3.23.54a-3.70_imnx_1.i386.rpm
      728f760e70b718fd29e4e14027e9070e  mysql-server-3.23.54a-3.70_imnx_1.i386.rpm
      7055336008114ceec23872238412882d  mysqlclient9-3.23.22-8_imnx_1.i386.rpm
    
    
    GPG verification:                                                               
      Our public key is available at <http://wirex.com/security/GPG_KEY>.           
    
    NOTE:
      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
        ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
      or one of the many mirrors available at:
        http://www.ibiblio.org/pub/Linux/MIRRORS.html
    
      ImmunixOS 6.2 is no longer officially supported.
      ImmunixOS 7.0 is no longer officially supported.
    
    Contact information:
      To report vulnerabilities, please contact securityat_private. WireX
      attempts to conform to the RFP vulnerability disclosure protocol
      <http://www.wiretrip.net/rfp/policy.html>.
    
    
    
    
    
    

    _______________________________________________
    Immunix-announce mailing list
    Immunix-announceat_private
    http://mail.wirex.com/mailman/listinfo/immunix-announce
    _______________________________________________
    Immunix-users mailing list
    Immunix-usersat_private
    http://mail.wirex.com/mailman/listinfo/immunix-users



    This archive was generated by hypermail 2b30 : Wed Apr 09 2003 - 17:16:26 PDT