* Technical Description *
Multiple vulnerabilities were identified in MySQL, which could be exploited by malicious users to execute arbitrary commands or cause a denial of service.
The first issue is due to an input validation error when processing requests containing backslash characters "\", which could be exploited by malicious users to conduct directory traversal attacks. Exploitation would require the ability to create user-defined functions.
The second flaw is due to buffer overflow error in the "init_syms()" function when processing specially crafted function names, which could be exploited by malicious users to execute arbitrary commands. Exploitation would require the ability to create user-defined functions.
The third vulnerability is due to an error when loading invalid library files, which could be exploited by malicious users (with insert privileges) to cause a denial of service.
The fourth issue is due to an error where MySQL fails to filter execution of arbitrary libraries, which could be exploited by malicious users to load arbitrary libraries/functions and overwrite arbitrary memory locations. Exploitation would require the ability to create user-defined functions.
* Affected Products *
MySQL versions prior to 4.0.25
MySQL versions prior to 4.1.13
MySQL versions prior to 5.0.7-beta
* Solution *
Upgrade to MySQL versions 4.0.25, 4.1.13, or 5.0.7-beta :
http://dev.mysql.com/downloads/ * References *
http://www.frsirt.com/english/advisories/2005/1343http://www.appsecinc.com/resources/alerts/mysql/2005-001.htmlhttp://www.appsecinc.com/resources/alerts/mysql/2005-002.htmlhttp://www.appsecinc.com/resources/alerts/mysql/2005-003.html
AlphaOne Technology Support Forums
Author
Logged
