Some vulnerabilities have been reported in MySQL, which can be exploited to cause a Denial of Service and escalate privileges on a vulnerable system.
When handling COM_TABLE_DUMP, MySQL does not verify the length of the input, which can be exploited to crash mysqld.
When handling COM_CHANGE_USER, the challenge response is not verified correctly. This allows malicious users to brute-force other accounts, as there are only 32 combinations. It also seems possible to overflow a stack buffer by sending more than 16 characters, which has been proven exploitable on Linux systems.
Applications relying on libmysqlclient may be crashed due to two bugs. One is caused by a destination buffer not being verified, which can be exploited by supplying a negative field size in a response. In the other, when the libmysqlclient library fetches results one by one, field sizes are not verified, which allows overwriting of arbitrary addresses with a '\0'.
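The COM_CHANGE_USER item above comes down to how much of the response gets checked. The following is an added illustration, not MySQL source code and not part of the advisory: it assumes the flaw is a comparison whose length is taken from the client, and sets it beside a check that demands the exact length first. `RESP_LEN`, `SAMPLE_EXPECTED` and both function names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define RESP_LEN 8  /* constructed value: length of a well-formed response */

/* Constructed sample of the response the server expects for one login. */
static const unsigned char SAMPLE_EXPECTED[RESP_LEN] =
    {'Q', 'K', 'D', 'A', 'Z', 'M', 'B', 'T'};

/* Flawed model (assumed pattern): the number of bytes compared is whatever
 * the client sent, so a 1-byte response is checked against only the first
 * expected byte and an empty response is checked against nothing.
 * The i < RESP_LEN bound only keeps this model from reading out of range. */
int check_flawed(const unsigned char *expected,
                 const unsigned char *resp, size_t resp_len)
{
    for (size_t i = 0; i < resp_len && i < RESP_LEN; i++)
        if (resp[i] != expected[i])
            return 0;
    return 1;
}

/* Hardened model: the length must be exact before any byte is read or
 * copied, and the comparison always covers all RESP_LEN bytes. */
int check_hardened(const unsigned char *expected,
                   const unsigned char *resp, size_t resp_len)
{
    unsigned char diff = 0;

    if (resp == NULL || resp_len != RESP_LEN)
        return 0;                /* short and oversized input both rejected */
    for (size_t i = 0; i < RESP_LEN; i++)
        diff |= (unsigned char)(resp[i] ^ expected[i]);   /* no early exit */
    return diff == 0;
}

int main(void)
{
    const unsigned char one[] = {'Q'};   /* constructed 1-byte response */

    printf("1-byte response: flawed=%d hardened=%d\n",
           check_flawed(SAMPLE_EXPECTED, one, sizeof one),
           check_hardened(SAMPLE_EXPECTED, one, sizeof one));
    printf("full response:   flawed=%d hardened=%d\n",
           check_flawed(SAMPLE_EXPECTED, SAMPLE_EXPECTED, RESP_LEN),
           check_hardened(SAMPLE_EXPECTED, SAMPLE_EXPECTED, RESP_LEN));
    return 0;
}
```

Rejecting any length other than the expected one before touching the data also closes off the oversized input that the advisory ties to the stack buffer overflow.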
Subject: MySQL multiple vulnerabilities