
Subject: [Full-disclosure] SCOSA-2006.18.1 UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
Date: Wed, 31 May 2006 15:17:00 -0700

-- 
Dr. Ronald Joe Record
SCO Security Officer
rr@sco.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 : MySQL User-Defined Function Buffer
                        Overflow Vulnerability
Advisory number:        SCOSA-2006.18.1
Issue date:             2006 May 25
Cross reference:        fz533822 fz533383
                        CVE-2005-2558 
______________________________________________________________________________


1. Problem Description

        Stack-based buffer overflow in the init_syms function in
        MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
        5.0.7-beta allows remote authenticated users who can create
        user-defined functions to execute arbitrary code via a long
        function_name field.
        
        MySQL is prone to a buffer overflow vulnerability. This issue
        is due to insufficient bounds checking of data supplied as
        an argument in a user-defined function.
        
        This issue could be exploited by a database user with
        sufficient access to create a user-defined function. It may
        also be possible to exploit this issue through latent SQL
        injection vulnerabilities in third-party applications that
        use the database as a backend.
        
        Successful exploitation will result in execution of arbitrary
        code in the context of the database server process.
        
        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CVE-2005-2558 to
        this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  MySQL package


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1


        4.2 Verification

        MD5 (MySQL-5.0.19-01.pkg) = ddeae36d8899addd8519460aaf769057

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download MySQL-5.0.19-01.pkg to the /var/spool/pkg directory
        Download README-MySQL-5.0.19-UW7 to the /tmp directory

        View the MySQL 5.0.19-01 installation notes in the file
        /tmp/README-MySQL-5.0.19-UW7

        Install the MySQL 5.0.19-01 package with the command
        # pkgadd -d /var/spool/pkg/MySQL-5.0.19-01.pkg


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
                http://www.securityfocus.com/bid/14509

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents fz533822 and fz533383.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


7. Acknowledgments

        Discovery of this vulnerability is credited to Reid Borsuk of
        Application Security Inc. Tim Rice discovered the improper client
        library symbolic links.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)

iD8DBQFEddSPaqoBO7ipriERAm3mAJ4iKLESpoWgWtoE5xD0CvBb35Y2MgCdHyz1
0gfs61e+LaOWqpFY+A9U4TU=
=qriE
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
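
The verification in section 4.2 can be made a gate in front of the pkgadd step in section 4.3. The script below is an added example, not part of the SCO advisory: it parses the advisory's "MD5 (file) = digest" line, computes the digest of the downloaded package, and succeeds only when both file name and digest match. The function names are hypothetical, and the fallback branch assumes the md5 tool prints the same "MD5 (name) = digest" form shown in the advisory. The digest is only as trustworthy as the advisory text, so check the advisory's PGP signature first.

```shell
#!/bin/sh
# Digest line copied verbatim from section 4.2 of the advisory.
ADVISORY_MD5_LINE='MD5 (MySQL-5.0.19-01.pkg) = ddeae36d8899addd8519460aaf769057'

# Print the 32-hex-digit digest from a "MD5 (name) = digest" line (empty if malformed).
expected_md5() {
    printf '%s\n' "$1" |
        sed -n 's/^MD5 (.*) = \([0-9a-fA-F]\{32\}\)[[:space:]]*$/\1/p' | tr 'A-F' 'a-f'
}

# Print the file name from the same line.
expected_name() {
    printf '%s\n' "$1" | sed -n 's/^MD5 (\(.*\)) = [0-9a-fA-F]\{32\}[[:space:]]*$/\1/p'
}

# Compute a file's MD5 with whichever tool is installed; print the bare digest.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -c1-32
    else
        # Assumption: md5 prints "MD5 (name) = digest", as in the advisory.
        expected_md5 "$(md5 "$1")"
    fi
}

# Return 0 only if the file's name and digest both match the advisory line.
verify_pkg() {
    pkg=$1 line=$2
    want=$(expected_md5 "$line")
    [ -n "$want" ] || { echo "cannot parse advisory digest line" >&2; return 2; }
    [ "$(basename "$pkg")" = "$(expected_name "$line")" ] ||
        { echo "file name differs from advisory" >&2; return 1; }
    [ -r "$pkg" ] || { echo "cannot read $pkg" >&2; return 2; }
    got=$(file_md5 "$pkg")
    [ "$got" = "$want" ] || { echo "MD5 mismatch: got $got, want $want" >&2; return 1; }
}

# Usage: sh verify_pkg.sh /var/spool/pkg/MySQL-5.0.19-01.pkg
if [ "$#" -eq 1 ]; then
    verify_pkg "$1" "$ADVISORY_MD5_LINE" && echo "digest OK, proceed: pkgadd -d $1"
fi
```

A non-zero exit status means the package must not be passed to pkgadd; download it again and re-check.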