[Full-disclosure] SCOSA-2006.18.1 UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2006.18.1 UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
- From: SCO Security Advisories <security@xxxxxxx>
- Date: Wed, 31 May 2006 15:17:00 -0700
--
Dr. Ronald Joe Record
SCO Security Officer
rr@xxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : MySQL User-Defined Function Buffer
Overflow Vulnerability
Advisory number: SCOSA-2006.18.1
Issue date: 2006 May 25
Cross reference: fz533822 fz533383
CVE-2005-2558
______________________________________________________________________________
1. Problem Description
Stack-based buffer overflow in the init_syms function in
MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
5.0.7-beta allows remote authenticated users who can create
user-defined functions to execute arbitrary code via a long
function_name field.
MySQL is prone to a buffer overflow vulnerability. This issue
is due to insufficient bounds checking of data supplied as
an argument in a user-defined function.
This issue could be exploited by a database user with
sufficient access to create a user-defined function. It may
also be possible to exploit this issue through latent SQL
injection vulnerabilities in third-party applications that
use the database as a backend.
Successful exploitation will result in execution of arbitrary
code in the context of the database server process.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2558 to
this issue.
2. Vulnerable Supported Versions
System                  Binaries
----------------------------------------------------------------------
UnixWare 7.1.4          MySQL package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1
4.2 Verification
MD5 (MySQL-5.0.19-01.pkg) = ddeae36d8899addd8519460aaf769057
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download MySQL-5.0.19-01.pkg to the /var/spool/pkg directory
Download README-MySQL-5.0.19-UW7 to the /tmp directory
View the MySQL 5.0.19-01 installation notes in the file
/tmp/README-MySQL-5.0.19-UW7
Install the MySQL 5.0.19-01 package with the command
# pkgadd -d /var/spool/pkg/MySQL-5.0.19-01.pkg
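The verification and install steps in 4.2 and 4.3, as an added shell example that is not part of SCO's advisory: it checks the downloaded package against the MD5 published above and runs pkgadd only on a match. The function names and the md5sum/openssl fallbacks are assumptions; the advisory itself only names SCO's md5 tool.

```shell
#!/bin/sh
# Added example, not SCO's code. Path and digest come from sections 4.2/4.3.
PKG=/var/spool/pkg/MySQL-5.0.19-01.pkg
EXPECTED_MD5=ddeae36d8899addd8519460aaf769057

# Print the lowercase hex MD5 of file $1 using whichever tool is installed.
# Assumption: one of md5sum, openssl or md5 is on PATH.
# Returns 1 if the file is unreadable, 2 if no hashing tool is found.
file_md5() {
    [ -r "$1" ] || return 1
    if command -v md5sum >/dev/null 2>&1; then
        digest=$(md5sum < "$1" | awk '{print $1}')
    elif command -v openssl >/dev/null 2>&1; then
        digest=$(openssl md5 < "$1" | awk '{print $NF}')
    elif command -v md5 >/dev/null 2>&1; then
        digest=$(md5 < "$1" | awk '{print $NF}')
    else
        return 2
    fi
    printf '%s\n' "$digest" | tr 'A-F' 'a-f'
}

# Return 0 only when file $1 hashes to digest $2 (compared case-insensitively).
# Returns 1 on mismatch, 2 when the file could not be hashed at all.
verify_pkg() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(file_md5 "$1") || { echo "cannot hash $1" >&2; return 2; }
    if [ "$got" != "$want" ]; then
        echo "MD5 mismatch for $1: got $got, expected $want" >&2
        return 1
    fi
    echo "MD5 OK: $1"
}

# The digest is only as trustworthy as its source: take it from the
# PGP-signed advisory, not from the FTP directory holding the package.
install_if_verified() {
    verify_pkg "$PKG" "$EXPECTED_MD5" && pkgadd -d "$PKG"
}

# Nothing is installed unless the script is run with --install (as root).
if [ "${1:-}" = "--install" ]; then
    install_if_verified
fi
```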
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
http://www.securityfocus.com/bid/14509
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533822 and fz533383.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
7. Acknowledgments
Discovery of this vulnerability is credited to Reid Borsuk of
Application Security Inc. Tim Rice discovered the improper client
library symbolic links.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)
iD8DBQFEddSPaqoBO7ipriERAm3mAJ4iKLESpoWgWtoE5xD0CvBb35Y2MgCdHyz1
0gfs61e+LaOWqpFY+A9U4TU=
=qriE
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/