
[linux-security] MySQL exploit



Topic
=====
Buffer overflow in MySQL allows remote exploit.

Problem Description
===================
A buffer overflow in the MySQL server can be exploited remotely.
An attacker could gain the privileges of the mysqld process
(and thus gain access to all the databases).

Affected Systems
================
All systems with MySQL installed, in versions after 3.23.2 and
prior to 3.23.31.
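
A check of a version string against the affected range above, as an added example that is not part of the original advisory. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a MySQL version string against the range stated in
# this advisory (after 3.23.2 and prior to 3.23.31). Helper names are hypothetical.

# Print a sortable integer for "X.Y.Z" or "X.Y.Z-suffix"; return 1 if unparseable.
version_key() {
    printf '%s\n' "$1" | awk -F'[.-]' '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            printf "%d\n", $1 * 1000000 + $2 * 1000 + $3; ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# Exit status: 0 = inside the affected range, 1 = outside it, 2 = unparseable.
mysql_version_affected() {
    key=$(version_key "$1") || return 2
    low=$(version_key 3.23.2)      # affected versions are strictly after this
    fixed=$(version_key 3.23.31)   # version named under Solution
    [ "$key" -gt "$low" ] && [ "$key" -lt "$fixed" ]
}

# Human-readable wrapper around the exit status above.
classify_version() {
    rc=0
    mysql_version_affected "$1" || rc=$?
    case $rc in
        0) echo "AFFECTED" ;;
        1) echo "not affected" ;;
        *) echo "unparseable" ;;
    esac
}

# Constructed sample inputs, not taken from any real host.
for v in 3.22.32 3.23.2 3.23.22-beta 3.23.30-gamma 3.23.31 3.23.32-1.7 garbage; do
    printf '%-16s %s\n' "$v" "$(classify_version "$v")"
done
```

The 3.22.32 packages listed under Solution fall below the lower bound of the range, so the check reports them as not affected.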

Solution
========
Upgrade to version 3.23.31.

RedHat 7.0
Shut the database down before upgrading: "service mysqld stop"
rpm -Fvh mysql-3.23.32-1.7.i386.rpm mysql-devel-3.23.32-1.7.i386.rpm mysql-server-3.23.32-1.7.i386.rpm mysqlclient9-3.23.22-3.i386.rpm
Then restart the database server.


Debian 2.2 (potato)
Upgrade to mysql-client_3.22.32-4_i386.deb
and mysql-server_3.22.32-4_i386.deb

Mandrake 7.1
rpm -Fvh MySQL-3.22.32-5.1mdk.i586.rpm MySQL-bench-3.22.32-5.1mdk.i586.rpm MySQL-client-3.22.32-5.1mdk.i586.rpm MySQL-devel-3.22.32-5.1mdk.i586.rpm MySQL-shared-libs-3.22.32-5.1mdk.i586

Mandrake 7.2
rpm -Fvh MySQL-3.23.31-1.1mdk.i586.rpm MySQL-bench-3.23.31-1.1mdk.i586.rpm MySQL-client-3.23.31-1.1mdk.i586.rpm MySQL-devel-3.23.31-1.1mdk.i586.rpm MySQL-shared-3.23.31-1.1mdk.i586.rpm

Caldera OpenLinux eDesktop 2.3.1
          rpm -F mysql-devel-3.22.32-3S.i386.rpm
          rpm -F mysql-bench-3.22.32-3S.i386.rpm
          rpm -F --force mysql-client-3.22.32-3S.i386.rpm
          rpm -F mysql-3.22.32-3S.i386.rpm

Caldera OpenLinux eDesktop 2.4
          rpm -F mysql-devel-3.22.32-3.i386.rpm
          rpm -F mysql-bench-3.22.32-3.i386.rpm
          rpm -F --force mysql-client-3.22.32-3.i386.rpm
          rpm -F mysql-3.22.32-3.i386.rpm