Debian Security Advisory
DSA-212-1 mysql -- multiple problems
- Date Reported:
- 17 Dec 2002
- Affected Packages:
- mysql
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 6373, BugTraq ID 6368, BugTraq ID 6375.
In Mitre's CVE dictionary: CVE-2002-1373, CVE-2002-1374, CVE-2002-1375, CVE-2002-1376. - More information:
-
While performing an audit of MySQL e-matters found several problems:
- signed/unsigned problem in COM_TABLE_DUMP
- Two sizes were taken as signed integers from a request and then cast to unsigned integers without checking for negative numbers. Since the resulting numbers where used for a memcpy() operation this could lead to memory corruption.
- Password length handling in COM_CHANGE_USER
-
When re-authenticating to a different user MySQL did not perform
all checks that are performed on initial authentication. This created
two problems:
- it allowed for single-character password brute forcing (as was fixed in February 2000 for initial login) which could be used by a normal user to gain root privileges to the database
- it was possible to overflow the password buffer and force the server to execute arbitrary code
- read_rows() overflow in libmysqlclient
- When processing the rows returned by a SQL server there was no check for overly large rows or terminating NUL characters. This can be used to exploit SQL clients if they connect to a compromised MySQL server.
- read_one_row() overflow in libmysqlclient
- When processing a row as returned by a SQL server the returned field sizes were not verified. This can be used to exploit SQL clients if they connect to a compromised MySQL server.
For Debian GNU/Linux 3.0/woody this has been fixed in version 3.23.49-8.2 and version 3.22.32-6.3 for Debian GNU/Linux 2.2/potato.
We recommend that you upgrade your mysql packages as soon as possible.
- Fixed in:
-
Debian GNU/Linux 2.2 (oldstable)
- Source:
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.dsc
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.diff.gz
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.22.32-6.3_all.deb
- alpha (DEC Alpha):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_alpha.deb
- arm (ARM):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_arm.deb
- i386 (Intel ia32):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_i386.deb
- m68k (Motorola Mc680x0):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_m68k.deb
- powerpc (PowerPC):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_powerpc.deb
- sparc (Sun SPARC/UltraSPARC):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_sparc.deb
Debian GNU/Linux 3.0 (stable)
- Source:
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.2.dsc
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.2.diff.gz
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.2.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.2_all.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.2_all.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.2_all.deb
- alpha (DEC Alpha):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_alpha.deb
- arm (ARM):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_arm.deb
- hppa (HP PA RISC):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_hppa.deb
- i386 (Intel ia32):
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_i386.deb
- ia64 (Intel ia64):
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_ia64.deb
- m68k (Motorola Mc680x0):
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_m68k.deb
- mipsel (MIPS (Little Endian)):
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_mipsel.deb
- powerpc (PowerPC):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_powerpc.deb
- s390 (IBM S/390):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_s390.deb
- sparc (Sun SPARC/UltraSPARC):
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.