[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] SCOSA-2006.18 UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2006.18 UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
- From: SCO Security Advisories <security@xxxxxxx>
- Date: Mon, 10 Apr 2006 11:41:34 -0700
--
Dr. Ronald Joe Record
SCO Security Officer
rr@xxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : MySQL User-Defined Function Buffer
Overflow Vulnerability
Advisory number: SCOSA-2006.18
Issue date: 2006 April 09
Cross reference: fz533383
CVE-2005-2558
______________________________________________________________________________
1. Problem Description
Stack-based buffer overflow in the init_syms function in
MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
5.0.7-beta allows remote authenticated users who can create
user-defined functions to execute arbitrary code via a long
function_name field.
MySQL is prone to a buffer overflow vulnerability. This issue
is due to insufficient bounds checking of data supplied as
an argument in a user-defined function.
This issue could be exploited by a database user with
sufficient access to create a user-defined function. It may
also be possible to exploit this issue trhough latent SQL
injection vulnerabilities in third-party applications that
use the database as a backend.
Successful exploitation will result in execution of arbitrary
code in the context of the database server process.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2558 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 MySQL package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18
4.2 Verification
MD5 (MySQL-5.0.19.pkg) = 4c28fe91016cc1f58cb0c4565839b698
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download MySQL-5.0.19.pkg to the /var/spool/pkg directory
Download README-MySQL-5.0.19-UW7 to the /tmp directory
View the MySQL 5.0.19 installation notes in the file
/tmp/README-MySQL-5.0.19-UW7
Install the MySQL 5.0.19 package with the command
# pkgadd -d /var/spool/pkg/MySQL-5.0.19.pkg
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
http://www.securityfocus.com/bid/14509
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533383.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
7. Acknowledgments
Discovery of this vulnerability is credited to Reid Borsuk of
Application Security Inc.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFEOciAaqoBO7ipriERAj3jAJ9sZSmD2niRFWBgyAlRkbWT7Fz6BgCgmnRF
vPk4arcB3KYZOrTE/hXY2pw=
=MvZC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/