aru Posted September 19, 2003 Report Share Posted September 19, 2003 MandrakeSoft Security Advisory MDKSA-2003:094 : MySQL September 18th, 2003 Updated MySQL packages fix buffer overflow vulnerability A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 9.0 [*] 9.1 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:094 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0780 http://lists.netsys.com/pipermail/full-dis...ber/009819.html Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
Recommended Posts