addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramlinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

The Boston MySQL Meetup Group Message Board › MySQL Security Issues

MySQL Security Issues

A former member
Post #: 2
I think this excerpt is appropriate for this board.

The Vulnerability Report:

MySQL Information Disclosure and Buffer Overflow ulnerabilities

Vulnerabilities have been reported in MySQL, which can be exploited to disclose potentially sensitive information and compromise a ulnerable system.

1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP
packet can be exploited by an authenticated client to disclosure certain memory content of the server process.

The vulnerability has been reported in version 4.0.26, 4.1.18, and 5.0.20. Prior versions may also be affected.

2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution.

The vulnerability has been reported in version 5.0.20. Prior versions may also be affected.

3) An error within the handling of malformed login packets can be exploited to disclosure certain memory content of the server process in the error messages.

The vulnerability has been reported in version 4.0.26, 4.1.18, and 5.0.20. Prior versions may also be affected.

Update to the fixed versions.
A former member
Post #: 3
Update on First Post

Security In The News:

MySQL Fix Fix Issued

MySQL has issued a security update to address flaws in its client-server protocol that could allow a malicious attacker to exploit buffer overflow vulnerabilities and gain access to sensitive information.

The open-source database company released its MySQL version 5.0.21 update earlier this week. The update is designed to address security flaws in database server software versions 5.1.9; 5.0.20; 4.1.18; 4.0.26 and prior versions.

Although security researcher FrSIRT rates the flaws as "moderate" risk, MySQL's version 5.0, which was announced late last year, is considered to be in widespread use.

FrSIRT noted that one of the three flaws involves a buffer overflow flaw, which could be exploited by attackers to execute arbitrary commands from a user's system.

The two other flaws can be exploited when a validation error occurs when inputting information. The vulnerabilities could allow attackers to disclose portions of the system's memory in the error messages.
Powered by mvnForum

Our Sponsors

  • Technocation, Inc.

    Video camera, host video files, meetup fees. They are non-profit.

  • Oracle, Inc.

    Oracle develops the MySQL database core and offers support and training.

  • Akiban Technologies

    Has a new table grouping technology as a denormalization alternative.

  • Tokutek

    TokuDB is a drop-in replacement for InnoDB that scales MySQL®.

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy