Debian DSA-212-1 : mysql - multiple problems

high Nessus Plugin ID 15049

Synopsis

The remote Debian host is missing a security-related update.

Description

While performing an audit of MySQL e-matters found several problems :

signed/unsigned problem in COM_TABLE_DUMP Two sizes were taken as signed integers from a request and then cast to unsigned integers without checking for negative numbers. Since the resulting numbers where used for a memcpy() operation this could lead to memory corruption.Password length handling in COM_CHANGE_USER When re-authenticating to a different user MySQL did not perform all checks that are performed on initial authentication. This created two problems :

- it allowed for single-character password brute forcing (as was fixed in February 2000 for initial login) which could be used by a normal user to gain root privileges to the database
- it was possible to overflow the password buffer and force the server to execute arbitrary code

read_rows() overflow in libmysqlclient When processing the rows returned by a SQL server there was no check for overly large rows or terminating NUL characters. This can be used to exploit SQL clients if they connect to a compromised MySQL server.read_one_row() overflow in libmysqlclient When processing a row as returned by a SQL server the returned field sizes were not verified. This can be used to exploit SQL clients if they connect to a compromised MySQL server.


For Debian GNU/Linux 3.0/woody this has been fixed in version 3.23.49-8.2 and version 3.22.32-6.3 for Debian GNU/Linux 2.2/potato.

Solution

Upgrade the mysql packages as soon as possible.

See Also

http://www.debian.org/security/2002/dsa-212

Plugin Details

Severity: High

ID: 15049

File Name: debian_DSA-212.nasl

Version: 1.20

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mysql, cpe:/o:debian:debian_linux:2.2, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/17/2002

Reference Information

CVE: CVE-2002-1373, CVE-2002-1374, CVE-2002-1375, CVE-2002-1376

BID: 6368, 6373, 6375

DSA: 212