PDA

Bekijk Volledige Versie : [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)



OpenPKG
16/12/02, 20:39
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

__________________________________________________ ______________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security@openpkg.org openpkg@openpkg.org
OpenPKG-SA-2002.013 16-Dec-2002
__________________________________________________ ______________________

Package: mysql
Vulnerability: password bypass, arbitrary code execution
OpenPKG Specific: no

Dependent Packages: apache, myodbc, perl-dbi, postfix

Affected Releases: Affected Packages: Corrected Packages:
OpenPKG 1.0 <= mysql-3.23.46-1.0.0 >= mysql-3.23.46-1.0.1
OpenPKG 1.1 <= mysql-3.23.52-1.1.0 >= mysql-3.23.52-1.1.1
OpenPKG CURRENT <= mysql-3.23.53-20021204 >= mysql-3.23.54-20021212

Description:
The e-matters [0] company discovered two flaws [1] within the MySQL
[2] server that can be used by any MySQL user to crash the server.
One of the flaws can be used to bypass the MySQL password check or
to execute arbitrary code with the privileges of the user running
mysqld(8).

They also discovered an arbitrary size heap overflow within the
MySQL client library and another vulnerability that allows to write
'\0' to any memory address. Both flaws could allow DOS attacks
against or arbitrary code execution within anything linked against
libmysqlclient.

Check whether you are affected by running "<prefix>/bin/rpm -q mysql".
If you have an affected version of the "mysql" package (see above),
please upgrade it according to the solution below.

Solution:
Update existing packages to newly patched versions of MySQL. Select the
updated source RPM appropriate for your OpenPKG release [3][4][5], and
fetch it from the OpenPKG FTP service or a mirror location. Verify its
integrity [6], build a corresponding binary RPM from it and update your
OpenPKG installation by applying the binary RPM [7]. For the latest
OpenPKG 1.1 release, perform the following operations to permanently fix
the security problem (for other releases adjust accordingly).

$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get mysql-3.23.52-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig mysql-3.23.52-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild mysql-3.23.52-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/mysql-3.23.52-1.1.1.*.rpm
# <prefix>/etc/rc mysql stop start
__________________________________________________ ______________________

References:
[0] http://www.e-matters.de/
[1] http://security.e-matters.de/advisories/042002.html
[2] http://www.mysql.com/
[3] ftp://ftp.openpkg.org/release/1.0/UPD/
[4] ftp://ftp.openpkg.org/release/1.1/UPD/
[5] ftp://ftp.openpkg.org/current/SRC/
[6] http://www.openpkg.org/security.html#signature
[7] http://www.openpkg.org/tutorial.html#regular-source
__________________________________________________ ______________________

For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For example, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
__________________________________________________ ______________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iEYEARECAAYFAj39rFwACgkQgHWT4GPEy59OOQCfRNp25g3jXb RoIITZnwnpT7lo
0q8AoMCazmZmwIs0sqxUJF4wfwbsC6Zz
=6WvF
-----END PGP SIGNATURE-----