(Conectiva Issues Fix) MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
|
|
SecurityTracker Alert ID: 1012270 |
|
SecurityTracker URL: http://securitytracker.com/id/1012270
|
|
CVE Reference:
CVE-2004-0835, CVE-2004-0837
(Links to External Site)
|
Date: Nov 19 2004
|
Impact:
Denial of service via network, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.23
|
Description:
Two vulnerabilities were reported in MySQL. A remote authenticated user may be able to gain elevated privileges. A remote authenticated user may be able to cause denial of service conditions.
In March 2004, Oleksandr Byelkin reported that an 'alter table [...] rename [...]' command will check the create/insert rights of the old table instead of the new table [CVE: CAN-2004-0835]. As a result, a user may be able to gain access to tables that the user is not authorized to access.
In January 2004, Dean Ellis reported that if multiple threads issue 'alter' commands against 'merge' tables to modify the 'union', the target server may crash [CVE: CAN-2004-0837].
The original bug reports are available at:
http://bugs.mysql.com/bug.php?id=3270
http://bugs.mysql.com/bug.php?id=2408
|
Impact:
A remote authenticated user may be able to gain elevated privileges.
A remote authenticated user may be able to cause denial of service conditions.
|
Solution:
Conectiva has issued a fix.
ftp://atualizacoes.conectiva.com.br/10/SRPMS/mysql-4.0.15-62448U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-static-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient12-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-bench-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-client-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-doc-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/MySQL-3.23.58-20507U90_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-bench-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-client-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-static-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-doc-3.23.58-20507U90_2cl.i386.rpm
|
Vendor URL: www.mysql.com/ (Links to External Site)
|
Cause:
Access control error, Exception handling error, State error
|
Underlying OS:
Linux (Conectiva)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 18 Nov 2004 11:48:55 -0200
Subject: [CLA-2004:892] Conectiva Security Announcement - MySQL
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : MySQL
SUMMARY : Fixes for several mysql vulnerabilities
DATE : 2004-11-18 11:48:00
ID : CLA-2004:892
RELEVANT
RELEASES : 9, 10
- -------------------------------------------------------------------------
DESCRIPTION
MySQL[1] is a very popular SQL database.
This announcement fixes several vulnerabilities discovered in MySQL:
1.CAN-2004-0835
Oleksandr Byelkin noticed[2] that ALTER TABLE ... RENAME checks
CREATE/INSERT rights of the old table instead of the new one.
2.CAN-2004-0836
Lukasz Wojtow noticed[3] a buffer overrun in the
mysql_real_connect() function.
3.CAN-2004-0837
Dean Ellis noticed[4] that multiple threads altering MERGE table
UNIONs can cause the server to crash or stall.
For Conectiva Linux 10, it also fixes a denial of service[5] with
MATCH..AGAINST and a privilege escalation[6] on GRANT ALL ON
`Foo\_Bar`
SOLUTION
We recommend that all MySQL users upgrade their packages as soon as
possible.
IMPORTANT: after the upgrade at Conectiva Linux 9, the mysql service
must be restarted manually. In order to do that, run the following
command as root:
# /sbin/service mysql restart
REFERENCES
1.http://www.mysql.com/products/mysql/
2.http://bugs.mysql.com/bug.php?id=3270
3.http://bugs.mysql.com/bug.php?id=4017
4.http://bugs.mysql.com/bug.php?id=2408
5.http://bugs.mysql.com/bug.php?id=3870
6.http://bugs.mysql.com/bug.php?id=3933
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/mysql-4.0.15-62448U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-static-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient12-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-bench-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-client-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-doc-4.0.15-62448U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/MySQL-3.23.58-20507U90_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-bench-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-client-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-static-3.23.58-20507U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-doc-3.23.58-20507U90_2cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFBnKhG42jd0JmAcZARAt+jAKCE/JaHMdtJ80gFPCy+/MHv+R6LAgCg48aM
cCRXlMS1b14/BTCcQodYj84=
=5IpR
-----END PGP SIGNATURE-----
|
|
