FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities

Affected packages
4.0 < mysql-server < 4.0.27
4.1 < mysql-server < 4.1.19
5.1 < mysql-server <= 5.1.9

Details

VuXML ID 4913886c-e875-11da-b9f4-00123ffe8333
Discovery 2006-05-02
Entry 2006-06-01

Secunia reports:

MySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclosure certain memory content of the server process.

2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution.

3) An error within the handling of malformed login packets can be exploited to disclosure certain memory content of the server process in the error messages.

[source]

References

CERT/CC Vulnerability Note 602457
CVE Name CVE-2006-1516
CVE Name CVE-2006-1517
CVE Name CVE-2006-1518
URL http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
URL http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
URL http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
URL http://secunia.com/advisories/19929/
URL http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html
URL http://www.wisec.it/vulns.php?page=7
URL http://www.wisec.it/vulns.php?page=8

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.