SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Database)  >   MySQL Vendors:   MySQL.com
MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1024031
SecurityTracker URL:  http://securitytracker.com/id/1024031
CVE Reference:   CVE-2010-1848   (Links to External Site)
Date:  May 26 2010
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.1.47
Description:   A vulnerability was reported in MySQL. A remote authenticated user can obtain elevated privileges on the target database.

The server does not properly validate the table name argument of a COM_FIELD_LIST command packet. A remote authenticated user with SELECT privileges on one table can obtain the field definitions of arbitrary tables from arbitrary databases on the target system.

In version 5.1, a remote authenticated user with DELECT or SELECT privileges on one table can delete or read content of any arbitrary tables from arbitrary databases on the target system.

Impact:   A remote authenticated user with certain privileges can access or modify data from other databases on the target system.
Solution:   The vendor has issued a fix (5.1.47).

The vendor's advisory is available at:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

Vendor URL:  www.mysql.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 26 2010 (Red Hat Issues Fix) MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Nov 3 2010 (Red Hat Issues Fix) MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 4.



 Source Message Contents

Date:  Wed, 26 May 2010 20:07:51 +0000
Subject:  MySQL


http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

Security Fix: The server failed to check the table name argument of a COM_FIELD_LIST 
command packet for validity and compliance to acceptable table name standards. This 
could be exploited to bypass almost all forms of checks for privileges and table-level 
grants by providing a specially crafted table name argument to COM_FIELD_LIST.

In MySQL 5.0 and above, this allowed an authenticated user with SELECT privileges on 
one table to obtain the field definitions of any table in all other databases and 
potentially of other MySQL instances accessible from the server's file system.

Additionally, for MySQL version 5.1 and above, an authenticated user with DELETE or 
SELECT privileges on one table could delete or read content from any other table in 
all databases on this server, and potentially of other MySQL instances accessible from 
the server's file system. (Bug#53371, CVE-2010-1848)

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC