Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#4589 - MySQL - Multiple Information Leakage Problems - ALST
Attached to Project:
Arch Linux
Opened by James Fryman (jfryman) - Sunday, 07 May 2006, 14:40 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 17 May 2006, 21:29 GMT
Opened by James Fryman (jfryman) - Sunday, 07 May 2006, 14:40 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 17 May 2006, 21:29 GMT
|
DetailsStefano di Paola has found two exploits in MySQL that provide information leakage to attackers. The following exploits are found in Arch Package:
1) COM_TABLE_DUMP 2) Anonymous Login Handshake COM_TABLE_DUMP ---------------- - Summary: MySQL Server has an information leakage flaw, if a malicious client sends a specific forged packet. Moreover some particular input can crash the server by overwriting the stack, which could lead to remote server compromise. .The information Leakage (<=5.0.20, <= 4.0.26, <= 4.1.18, <= 5.1.?)- Abstract: An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. Anonymous Login Handshake ------------------------- MySQL Server (<= 4.1.18, 5.0.20 ) has an information leakage in the way mysql parses login packets on anonymous users (blank password). Solution -------- Upgrade to MySQL 5.0.21 References & PoC ---------------- http://www.securityfocus.com/archive/1/432734 http://www.securityfocus.com/archive/1/432733 |
This task depends upon
Closed by Judd Vinet (judd)
Wednesday, 17 May 2006, 21:36 GMT
Reason for closing: Fixed
Additional comments about closing: Up'ed to 5.0.21
Wednesday, 17 May 2006, 21:36 GMT
Reason for closing: Fixed
Additional comments about closing: Up'ed to 5.0.21
CVE-2006-1516
CVE-2006-1517
See http://www.securityfocus.com/bid/17780 for more information.