lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041125121520.GA14960@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-32-1] mysql vulnerabilities

===========================================================
Ubuntu Security Notice USN-32-1		  November 25, 2004
mysql-dfsg vulnerabilities
CAN-2004-0836, CAN-2004-0837, CAN-2004-0956, CAN-2004-0957
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mysql-server

The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Several vulnerabilities have been discovered in the MySQL database
server.

Lukasz Wojtow discovered a potential buffer overflow in the function
mysql_real_connect(). A malicious name server could send specially
crafted DNS packages which might result in execution of arbitrary code
with the database server's privileges. However, it is believed that
this bug cannot be exploited with the C Standard library (glibc) that
Ubuntu uses. (CAN-2004-0836).

Dean Ellis noticed a flaw that allows an authorized MySQL user to
cause a denial of service (crash or hang) via concurrent execution of
certain statements (ALTER TABLE ... UNION=, FLUSH TABLES) on tables of
type MERGE (CAN-2004-0837)

Some query strings containing a double quote (like MATCH ... AGAINST
(' some " query' IN BOOLEAN MODE) ) that did not have a matching
closing double quote caused a denial of service (server crash). Again,
this is only exploitable by authorized mysql users.  (CAN-2004-0956)

If a user was granted privileges to a database with a name containing
an underscore ("_"), the user also gained the ability to grant
privileges to other databases with similar names. (CAN-2004-0957)

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.1.diff.gz
      Size/MD5:   165384 7f507b594e9d5d9cd0a7adb2eca5d0c4
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.1.dsc
      Size/MD5:      892 3afca4b6ec963ad9c239deb7df0c556d
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20.orig.tar.gz
      Size/MD5:  9760117 f092867f6df2f50b34b8065312b9fb2b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.20-2ubuntu1.1_all.deb
      Size/MD5:    24012 44750442562ef128334a4ad1bcfef15c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_amd64.deb
      Size/MD5:  2809794 a257ea0675c52c60b5d1ef3d5dfadebc
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_amd64.deb
      Size/MD5:   304040 759952b1db7359f3f3b54d3d3bbc11ff
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_amd64.deb
      Size/MD5:   422102 d95d773d2479c3878a56248cdf2428de
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_amd64.deb
      Size/MD5:  3576654 4641b0ff8d06e82e21648352f01282d2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_i386.deb
      Size/MD5:  2773050 4717ed4d1405d70c6ede0056ee40e490
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_i386.deb
      Size/MD5:   287018 5b18d12015bb46bf0c89e5bcc323b0a5
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_i386.deb
      Size/MD5:   396026 097eff3da7fc711a52473f62535c5d04
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_i386.deb
      Size/MD5:  3485608 0886647a564f4136efc4f72f694d22c3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_powerpc.deb
      Size/MD5:  3109072 b510d1c4a3a33da55cb3b97a612b2e19
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_powerpc.deb
      Size/MD5:   307718 55738df34a3f30e34d702d8b804bb57a
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_powerpc.deb
      Size/MD5:   451512 7dcb7e811ff6a0a8a0528bbb49229ac1
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_powerpc.deb
      Size/MD5:  3769072 f7274343ac2163a0ff377c9cad1ec07e
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041125/f27131d7/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ