DSA-212-1 mysql


Package: mysql

Problem type: multiple problems

Debian-specific: no

CVE references: CAN-2002-1373, CAN-2002-1374, CAN-2002-1375, CAN-2002-1376

Several security problems were discovered during an audit of MySQL:

* signed/unsigned problem in COM_TABLE_DUMP

Two sizes were taken as signed integers from a request and then cast to unsigned integers without checking for negative numbers. Since the resulting numbers were used for a memcpy() operation, this could lead to memory corruption.

* Password length handling in COM_CHANGE_USER

When re-authenticating to a different user MySQL did not perform all checks that are performed on initial authentication. This created two problems:

- it allowed for single-character password brute forcing (as was fixed in February 2000 for initial login) which could be used by a normal user to gain root privileges to the database

- it was possible to overflow the password buffer and force the server to execute arbitrary code

* read_rows() overflow in libmysqlclient

When processing the rows returned by a SQL server there was no check for overly large rows or terminating NUL characters. This can be used to exploit SQL clients if they connect to a compromised MySQL server.

* read_one_row() overflow in libmysqlclient

When processing a row as returned by a SQL server the returned field sizes were not verified. This can be used to exploit SQL clients if they connect to a compromised MySQL server.
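The COM_TABLE_DUMP item and the read_one_row() item above come down to the same mistake: a length supplied by the peer reaches a copy without being validated. The sketch below is an added example, not MySQL's code and not part of the original advisory; the request layout and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request layout (an assumption, not MySQL's wire format):
 * two signed 32-bit little-endian lengths, then the two byte strings. */
static int32_t rd_i32(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (int32_t)v; /* two's-complement reinterpretation */
}

/* The flawed pattern: an unchecked cast turns -1 into SIZE_MAX. */
size_t unchecked_len(int32_t n) { return (size_t)n; }

/* Hardened form: reject negative values, then bound the length by the
 * bytes left in the request and the room left in the destination. */
static int checked_len(int32_t n, size_t avail, size_t room, size_t *out)
{
    if (n < 0 || (size_t)n > avail || (size_t)n > room) return -1;
    *out = (size_t)n;
    return 0;
}

/* Copies both strings, NUL-terminated, into a and b; -1 means rejected. */
int parse_two_names(const unsigned char *req, size_t req_len,
                    char *a, size_t a_cap, char *b, size_t b_cap)
{
    size_t la, lb;
    if (req_len < 8 || a_cap == 0 || b_cap == 0) return -1;
    if (checked_len(rd_i32(req), req_len - 8, a_cap - 1, &la) ||
        checked_len(rd_i32(req + 4), req_len - 8 - la, b_cap - 1, &lb))
        return -1;
    memcpy(a, req + 8, la);      a[la] = '\0';
    memcpy(b, req + 8 + la, lb); b[lb] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: first length is -1, second is 3. */
    unsigned char neg[] = {0xff,0xff,0xff,0xff, 3,0,0,0, 'd','b','t','b','l'};
    char a[8], b[8];
    printf("unchecked -1 -> %zu bytes\n", unchecked_len(-1));
    printf("parse result: %d\n", parse_two_names(neg, sizeof neg, a, sizeof a, b, sizeof b));
    return 0;
}
```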

Debian GNU/Linux 3.0/woody already contains the fixed package, version 3.23.49-8.2, and a fixed package, version 3.22.32-6.3, has been released for Debian GNU/Linux 2.2/potato.



We recommend upgrading the MySQL package immediately.

Wichert Akkerman's mail on the debian-security-announce list.

Our FAQ about upgrading.