Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-303-1] MySQL vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Fri, 16 Jun 2006 17:12:59 +0200

=========================================================== 
Ubuntu Security Notice USN-303-1              June 16, 2006
mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability
CVE-2006-2753
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libmysqlclient14               4.1.12-1ubuntu3.5
  mysql-server-4.1               4.1.12-1ubuntu3.5

Ubuntu 6.06 LTS:
  libmysqlclient15off            5.0.22-0ubuntu6.06
  mysql-server-5.0               5.0.22-0ubuntu6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An SQL injection vulnerability has been discovered when using less
popular multibyte encodings (such as SJIS, or BIG5) which contain
valid multibyte characters that end with the byte 0x5c (the
representation of the backslash character >>\<< in ASCII). 

Many client libraries and applications use the non-standard, but
popular way of escaping the >>'<< character by replacing all
occurences of it with >>\'<<. If a client application uses one of the
affected encodings and does not interpret multibyte characters, and an
attacker supplies a specially crafted byte sequence as an input string
parameter, this escaping method would then produce a validly-encoded
character and an excess >>'<< character which would end the string.
All subsequent characters would then be interpreted as SQL code, so
the attacker could execute arbitrary SQL commands.

The updated packages fix the mysql_real_escape_string() function to
escape quote characters in a safe way. If you use third-party software
which uses an ad-hoc method of string escaping, you should convert
them to use mysql_real_escape_string() instead, or at least use the
standard SQL method of escaping  >>'<< with  >>''<<.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.5.diff.gz
      Size/MD5:   164408 5397489739ab8a6fa1e2d7571ae16ca2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.5.dsc
      Size/MD5:     1024 22dc09e63f2b4127c80c059bd6153c04
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
      Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.5_all.deb
      Size/MD5:    36658 8445340ee40a549040a29f7f89fa6055

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5:  5831402 04b5f068cace48115f03eaa2945ba4f7
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5:  1540532 52379ea5384399887a5044e2dc70a362
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5:   898266 102c1f4e3a52f002c0072639a38fd1f1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5: 18433534 0b59eb84f010a37866855db11bc212d4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5:  5347970 10e3a08014562d78a92c78f9473606ad
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5:  1475306 fe18f1652d49ce4f1f01f1fb41293ee0
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5:   866276 c4620364312b32767f4b8c93ca85ea6a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5: 17336092 c0a7e15a536c68f101d711faca79acd0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5:  6069036 84fe04fd9e556e03a5f8017b0287056e
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5:  1548894 042a41167cffb3aa116ceca7b144c04a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5:   937510 b42029e8720887a9414a1e5affdfa2bf
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5: 18523172 687d56f3e0ea63af4bc5d972849e7019

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5:  5657096 78aec682713ebb64ff7f56f5ec30a390
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5:  1516244 461600c34dd324e019dd5f253864dcb6
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5:   889180 b06d0b10dec55bf34f6af5f93be4bfb1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5: 17738656 2f56d26f632002847a5aa20d13ac3d69

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.diff.gz
      Size/MD5:   124884 30192e23eff142a7d8cd474eb3b65c06
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.dsc
      Size/MD5:     1105 e09e1c03b0e55a97aa2f5b393132596c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
      Size/MD5: 18446645 2b8f36364373461190126817ec872031

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06_all.deb
      Size/MD5:    36488 bf16f763f6c019d74cd5a55a34954d08
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06_all.deb
      Size/MD5:    38988 4b48c8fe34e49ea7690dd847e0210c6e
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06_all.deb
      Size/MD5:    36492 51ec1d6030a085747746855f42a247fa

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5:  6724410 3fd45ed8e0dde1ec45da36087fc9b466
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5:  1421368 dd0a24e7f521cae816caaff9dd7b95c1
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5:  6895040 e05408c12fbdeb93ac9af0168a833945
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5: 22490622 353f002eb8bf7adcfb6ac0a2aba200e7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5:  6138262 b8de5bb648d0a6787dc2a75e082fd338
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5:  1382000 458f53b535bf7c4240415b7f112398c2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5:  6277278 03772cb73d84fbd786024bed75634f17
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5: 21345370 944c51038761b5d180e4a5b9405dd8cd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5:  6881628 539aaeb27db75c415f86a08a60922bb6
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5:  1461696 da724231e301fc18b0068d2b74aba6da
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5:  6938652 78e94ffbb2e24ca9f0794c412b369009
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5: 22703752 25b58fa42fb62e132fbbc29e99e91176

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5:  6429614 ae9e41ae750ad73206d9561d59504c5d
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5:  1433786 9e9108f42e43fbdd66fbdaa02d7990ce
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5:  6535966 e909ab275b4ab5fbbc69d2f372532cf3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5: 21968038 43996ac14852a036d1ed8c4712f94804

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-303-1] MySQL vulnerability Martin Pitt (Jun 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]