Message-ID: <20080505171603.780816a7@redhat.com>
Date: Mon, 5 May 2008 17:16:03 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com, coley@...re.org
Subject: CVE id request - mysql

Hi!

MySQL 4.1.24, 5.0.60, 5.1.24, and 6.0.5 fix an issue allowing an
authenticated attacker to gain full access to tables that will be
created by another database user in the future, if an attacker can
predict the name of such tables (and the MyISAM storage engine is used).

References:
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

Steve, please assign CVE id. Thanks!

Release notes also mention the following change:

  Security Enhancement: It was possible to force an error message of
  excessive length which could lead to a buffer overflow. This has been
  made no longer possible as a security precaution. (Bug#32707)

http://bugs.mysql.com/bug.php?id=32707

According to the upstream, there is currently no known exploitation
vector for this issue. Error messages are controlled by the server and
it is believed that crafted messages can only be provided by modifying
system files / binaries, which does not cross a trust boundary.

-- 
Tomas Hoger / Red Hat Security Response Team