Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql)
From: OpenPKG <openpkg () openpkg org>
Date: Sat, 30 Oct 2004 13:49:00 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security () openpkg org                         openpkg () openpkg org
OpenPKG-SA-2004.045                                          30-Oct-2004
________________________________________________________________________

Package:             mysql
Vulnerability:       multiple vulnerabilities
OpenPKG Specific:    no

Affected Releases:   Affected Packages:        Corrected Packages:
OpenPKG CURRENT      <= mysql-4.0.20-20040910  >= mysql-4.0.21-20040910
OpenPKG 2.2          none                      N.A.
OpenPKG 2.1          <= mysql-4.0.20-2.1.0     >= mysql-4.0.20-2.1.1

Affected Releases:   Dependent Packages:

OpenPKG CURRENT      apache:with_mod_php_mysql apache:with_mod_auth_mysql
                     bind:with_dlz_mysql cacti exim:with_mysql
                     jabberd:with_mysql libgda:with_mysql myodbc mysqlcc
                     perl-dbi:with_dbd_mysql php:with_mysql
                     php3:with_mysql php5:with_mysql postfix:with_mysql
                     powerdns:with_mysql proftpd:with_mysql
                     pureftpd:with_mysql qt:with_mysql rekall:with_mysql
                     ripe-dbase rt:with_db_mysql sasl:with_mysql
                     sendmail:with_mysql snort:with_mysql tacacs:with_mysql

OpenPKG 2.2          N.A.

OpenPKG 2.1          apache:with_mod_php_mysql apache:with_mod_auth_mysql
                     bind:with_dlz_mysql cacti exim:with_mysql
                     perl-dbi:with_dbd_mysql php:with_mysql
                     postfix:with_mysql proftpd:with_mysql
                     pureftpd:with_mysql qt:with_mysql sasl:with_mysql
                     sendmail:with_mysql snort:with_mysql

Description:
  Several vulnerabilities including privilege abuse, Denial of Service,
  and potentially remote arbitrary code execution have been discovered
  in the MySQL RDBMS [1].
  
  Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect
  function. The Common Vulnerabilities and Exposures (CVE) project
  assigned the ids CAN-2004-0836 [2] to this problem.

  Dean Ellis noticed that multiple threads ALTERing the same (or
  different) MERGE tables to change the UNION can cause the server to
  crash or stall. The Common Vulnerabilities and Exposures (CVE) project
  assigned the ids CAN-2004-0837 [3] to this problem.

  A crash can occur with "MATCH..AGAINST", resulting in a denial of
  service (MySQL bugs 3870 and 2708). A privilege escalation can occur
  with "GRANT" (MySQL bug 3933).

  Please check whether you are affected by running "<prefix>/bin/rpm -q
  mysql". If you have the "mysql" package installed and its version is
  affected (see above), we recommend that you immediately upgrade it
  (see Solution) and its dependent packages. [4][5]

Solution:
  Select the updated source RPM appropriate for your OpenPKG release
  [6], fetch it from the OpenPKG FTP service [7] or a mirror location,
  verify its integrity [8], build a corresponding binary RPM from it
  [4] and update your OpenPKG installation by applying the binary RPM
  [5]. For the previous release OpenPKG 2.1, perform the following
  operations to permanently fix the security problem (for other releases
  adjust accordingly).

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd release/2.1/UPD
  ftp> get mysql-4.0.20-2.1.1.src.rpm
  ftp> bye
  $ <prefix>/bin/openpkg rpm -v --checksig mysql-4.0.20-2.1.1.src.rpm
  $ <prefix>/bin/openpkg rpm --rebuild mysql-4.0.20-2.1.1.src.rpm
  $ su -
  # <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/mysql-4.0.20-2.1.1.*.rpm

  Additionally, it is recommend that you rebuild and reinstall
  all dependent packages (see above) as well [3][4].
________________________________________________________________________

References:
  [1]  http://www.mysql.com/
  [2]  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
  [3]  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
  [4]  http://www.openpkg.org/tutorial.html#regular-source
  [5]  http://www.openpkg.org/tutorial.html#regular-binary
  [6]  ftp://ftp.openpkg.org/release/2.1/UPD/mysql-4.0.20-2.1.1.src.rpm
  [7]  ftp://ftp.openpkg.org/release/2.1/UPD/
  [8]  http://www.openpkg.org/security.html#signature
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg () openpkg org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg () openpkg org>

iD8DBQFBg3+SgHWT4GPEy58RApPAAJ9zJUGoZWc2O/gzZU+QsEBx112GewCfeCze
ISdurW/oYeVVZe+vKZIKmYg=
=FgxI
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • [OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql) OpenPKG (Oct 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]