Message-ID: <20080505171603.780816a7@redhat.com>
Date: Mon, 5 May 2008 17:16:03 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com, coley@...re.org
Subject: CVE id request - mysql

Hi!

MySQL 4.1.24, 5.0.60, 5.1.24, and 6.0.5 fix an issue allowing an
authenticated attacker to gain full access to tables that will be
created by another database user in the future, if the attacker can
predict the names of such tables (and the MyISAM storage engine is used).

References:
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

Steve, please assign CVE id.  Thanks!


Release notes also mention the following change:
Security Enhancement: It was possible to force an error message of
excessive length which could lead to a buffer overflow. This has been
made no longer possible as a security precaution. (Bug#32707)
http://bugs.mysql.com/bug.php?id=32707

According to upstream, there is currently no known exploitation
vector for this issue.  Error messages are controlled by the server and
it is believed that crafted messages can only be provided by modifying
system files / binaries, which does not cross a trust boundary.

-- 
Tomas Hoger / Red Hat Security Response Team
