------------------------------------------------------------------------
Debian Security Advisory DSA-212-1                   security@debian.org 
Debian -- Security Information                          Wichert Akkerman
December 17, 2002
------------------------------------------------------------------------


Package        : mysql
Problem type   : multiple problems
Debian-specific: no
CVE references : CAN-2002-1373, CAN-2002-1374, CAN-2002-1375, CAN-2002-1376

While performing an audit of MySQL e-matters found several problems:

* signed/unsigned problem in COM_TABLE_DUMP
  Two sizes were taken as signed integers from a request and then cast
  to unsigned integers without checking for negative numbers. Since the
  resulting numbers where used for a memcpy() operation this could lead
  to memory corruption.

* Password length handling in COM_CHANGE_USER
  When re-authenticating to a different user MySQL did not perform
  all checks that are performed on initial authentication. This created
  two problems:
  * it allowed for single-character password brute forcing (as was fixed in
    February 2000 for initial login) which could be used by a normal user to
    gain root privileges to the database
  * it was possible to overflow the password buffer and force the server
    to execute arbitrary code

* read_rows() overflow in libmysqlclient
  When processing the rows returned by a SQL server there was no check
  for overly large rows or terminating NUL characters. This can be used
  to exploit SQL clients if they connect to a compromised MySQL server.

* read_one_row() overflow in libmysqlclient
  When processing a row as returned by a SQL server the returned field
  sizes were not verified. This can be used to exploit SQL clients if they
  connect to a compromised MySQL server.

For Debian GNU/Linux 3.0/woody this has been fixed in version 3.23.49-8.2
and version 3.22.32-6.3 for Debian GNU/Linux 2.2/potato.

We recommend that you upgrade your mysql packages as soon as possible.
------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  Debian -- Security Information  stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at  Debian -- Security Information 

------------------------------------------------------------------------

Debian 2.2 (oldstable)
----------------------

  Oldstable was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:

      
      Size/MD5 checksum:     1305 26482e7b5f51fe036c9270043877483a
      
      Size/MD5 checksum:  4296259 e3d9cb3038a2e4378c9c0f4f9d8c2d58
      
      Size/MD5 checksum:    84166 79faf5c0f1e6ab6c4c3b7511f9cc1e71

  Architecture independent packages:

      
      Size/MD5 checksum:  1687018 e3d348a98e08bbff4085215356c5dcc7

  alpha architecture (DEC Alpha)

      
      Size/MD5 checksum:   790098 2d103be33a041fa8af05a6d1a8fae1fc
      
      Size/MD5 checksum:    99516 c3803f9e8e090bc9755cc8502f7dd860

  arm architecture (ARM)

      
      Size/MD5 checksum:   603710 028266a7c4c99365a8fe715fda7635b9
      
      Size/MD5 checksum:    87190 0f6e1c53dd71bd45ec0bfc7bdd3e92c3

  i386 architecture (Intel ia32)

      
      Size/MD5 checksum:   585150 54c0e5b9aa43a2d4fd2137f22851243a
      
      Size/MD5 checksum:    86768 fe2974d4fc341c7fc5c3866636a49676

  m68k architecture (Motorola Mc680x0)

      
      Size/MD5 checksum:   554888 5d636134e003bdd33f6dd74e60ca6570
      
      Size/MD5 checksum:    84534 47f6aa149c3b872722b5357bb962c0a7

  powerpc architecture (PowerPC)

      
      Size/MD5 checksum:   632736 47f997aa3cac2d514ec11fba8e7d3709
      
      Size/MD5 checksum:    87560 7b63bd18ce24d663bb097c13d43260b7

  sparc architecture (Sun SPARC/UltraSPARC)

      
      Size/MD5 checksum:   611600 5871877cc4fbbfc89e9d05718abcf2ba
      
      Size/MD5 checksum:    94226 b4e520c575a3bbe5ffe5a939da37f5b1


Debian 3.0 (stable)
-------------------

  Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.

  Source archives:

      
      Size/MD5 checksum:     1528 66425fd9b3184175d22bd054d42e3826
      
      Size/MD5 checksum:    71860 ad8e754da89a07d7cd7932087375dae6

  Architecture independent packages:

      
      Size/MD5 checksum:  1962666 97241ff082a952ff7bc1f24cff9fc5e2
      
      Size/MD5 checksum:    16394 b88f843f1cbefbe58c4edf88a5c874f9

  alpha architecture (DEC Alpha)

      
      Size/MD5 checksum:   162986 48a041beb743999e8deed6c90bcee001
      
      Size/MD5 checksum:   778250 a118e60347db03acdae167a7255aa517
      
      Size/MD5 checksum:  3633582 6b8adc0cc7df343b709339a73d193dd5
      
      Size/MD5 checksum:   277222 7d1757b438b655ed991ece3fbfad8037

  arm architecture (ARM)

      
      Size/MD5 checksum:  2805328 087808428351a2ca3ab84dcccd944ba5
      
      Size/MD5 checksum:   634104 bbfd016f71b5e05bb4ee0c342351bdda
      
      Size/MD5 checksum:   123418 34edad45d226c0c5a87976d51c1ce1a7
      
      Size/MD5 checksum:   237836 5f2e14d6337a442e14d9d0b83fa60134

  hppa architecture (HP PA RISC)

      
      Size/MD5 checksum:  3514484 2e8892a4393571055800baf3858117b0
      
      Size/MD5 checksum:   140070 38b206d0f03fa42c45c057e3c8df81e1
      
      Size/MD5 checksum:   743204 0702b3a97454c8619d9eca4fb0b58766
      
      Size/MD5 checksum:   280120 d60043b7f0c5a8aa6fe130ba2e105a12

  i386 architecture (Intel ia32)

      
      Size/MD5 checksum:   576164 a3f92e9131b7c8541b79f3f3ecabcba3
      
      Size/MD5 checksum:  2800214 565952264f4b38ce80e6678c7e0d9a06
      
      Size/MD5 checksum:   234180 27d7e77b37fda1f7d5c5d9261d025d67
      
      Size/MD5 checksum:   122022 ef4b669142a35f7ddc12b467def3e3f1

  ia64 architecture (Intel ia64)

      
      Size/MD5 checksum:   848116 9b74cdcea1dc751db5b0175b9073fb6f
      
      Size/MD5 checksum:   173286 10e8869167f91a55bd1bbd5b591f4077
      
      Size/MD5 checksum:  3999702 3b89ff5e0f6dc01d2c49ea81bb47216b
      
      Size/MD5 checksum:   314552 a3b22dec9493cc6d5166c9dcbaae2c7b

  m68k architecture (Motorola Mc680x0)

      
      Size/MD5 checksum:   227180 28060088157864ce3302508c495103ad
      
      Size/MD5 checksum:   117836 93b975f8476984f3c38ff7227956c5a1
      
      Size/MD5 checksum:   557258 d44ba640f48524fd228e83640817c432
      
      Size/MD5 checksum:  2646250 4ba7c54c2538870af0736bf0892b3415

  mipsel architecture (MIPS (Little Endian))

      
      Size/MD5 checksum:   687904 a7edb0c6c681544efe80b6ccef53bafe
      
      Size/MD5 checksum:   133728 3ad484b95777df9ecd80313c9a90e434
      
      Size/MD5 checksum:   250096 ababd7ec2a3ba37fef5022a8ae86ad5b
      
      Size/MD5 checksum:  2838572 c2490489fbc988849d698d32da834014

  powerpc architecture (PowerPC)

      
      Size/MD5 checksum:   128922 d619370e667ce3bc2a45068945120592
      
      Size/MD5 checksum:   247206 9dbda1af635543ab661693a093fe5550
      
      Size/MD5 checksum:   652150 07e6bcce2cc77212c0f07e134bcf978f
      
      Size/MD5 checksum:  2822314 c8a11f51b22a0fdfde4b10f76c8958e9

  s390 architecture (IBM S/390)

      
      Size/MD5 checksum:   125406 9768f438acb130fcb3e350fc817bd3e2
      
      Size/MD5 checksum:  2636852 88419cbff7d7f340fce97f77ce641aec
      
      Size/MD5 checksum:   597252 ebcbe39245eb05b4d4b779d7b6ee5cee
      
      Size/MD5 checksum:   247538 979c18b2eadff2763555618a8eb08e2c

  sparc architecture (Sun SPARC/UltraSPARC)

      
      Size/MD5 checksum:  2938592 c52c274e39c46564dfad1dba753e320b
      
      Size/MD5 checksum:   240700 d4b86a37ae837e652f2b0f831e58c53a
      
      Size/MD5 checksum:   129878 487867fdea16986ded6c2f074b33882a
      
      Size/MD5 checksum:   615274 edeb1707bce25a18e131584f37b87d09

--
----------------------------------------------------------------------------
Debian Security team <team@security.debian.org> 
Debian -- Security Information 
Mailing-List: debian-security-announce@lists.debian.org

Debian: mysql multiple vulnerabilities

December 17, 2002
There are multiple vulnerabilities in mysql.

Summary

Package : mysql
Problem type : multiple problems
Debian-specific: no
CVE references : CAN-2002-1373, CAN-2002-1374, CAN-2002-1375, CAN-2002-1376

While performing an audit of MySQL e-matters found several problems:

* signed/unsigned problem in COM_TABLE_DUMP
Two sizes were taken as signed integers from a request and then cast
to unsigned integers without checking for negative numbers. Since the
resulting numbers where used for a memcpy() operation this could lead
to memory corruption.

* Password length handling in COM_CHANGE_USER
When re-authenticating to a different user MySQL did not perform
all checks that are performed on initial authentication. This created
two problems:
* it allowed for single-character password brute forcing (as was fixed in
February 2000 for initial login) which could be used by a normal user to
gain root privileges to the database
* it was possible to overflow the password buffer and force the server
to execute arbitrary code

* read_rows() overflow in libmysqlclient
When processing the rows returned by a SQL server there was no check
for overly large rows or terminating NUL characters. This can be used
to exploit SQL clients if they connect to a compromised MySQL server.

* read_one_row() overflow in libmysqlclient
When processing a row as returned by a SQL server the returned field
sizes were not verified. This can be used to exploit SQL clients if they
connect to a compromised MySQL server.

For Debian GNU/Linux 3.0/woody this has been fixed in version 3.23.49-8.2
and version 3.22.32-6.3 for Debian GNU/Linux 2.2/potato.

We recommend that you upgrade your mysql packages as soon as possible.
------------------------------------------------------------------------

Obtaining updates:

By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.

With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at Debian -- Security Information

------------------------------------------------------------------------

Debian 2.2 (oldstable)
----------------------

Oldstable was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:


Size/MD5 checksum: 1305 26482e7b5f51fe036c9270043877483a

Size/MD5 checksum: 4296259 e3d9cb3038a2e4378c9c0f4f9d8c2d58

Size/MD5 checksum: 84166 79faf5c0f1e6ab6c4c3b7511f9cc1e71

Architecture independent packages:


Size/MD5 checksum: 1687018 e3d348a98e08bbff4085215356c5dcc7

alpha architecture (DEC Alpha)


Size/MD5 checksum: 790098 2d103be33a041fa8af05a6d1a8fae1fc

Size/MD5 checksum: 99516 c3803f9e8e090bc9755cc8502f7dd860

arm architecture (ARM)


Size/MD5 checksum: 603710 028266a7c4c99365a8fe715fda7635b9

Size/MD5 checksum: 87190 0f6e1c53dd71bd45ec0bfc7bdd3e92c3

i386 architecture (Intel ia32)


Size/MD5 checksum: 585150 54c0e5b9aa43a2d4fd2137f22851243a

Size/MD5 checksum: 86768 fe2974d4fc341c7fc5c3866636a49676

m68k architecture (Motorola Mc680x0)


Size/MD5 checksum: 554888 5d636134e003bdd33f6dd74e60ca6570

Size/MD5 checksum: 84534 47f6aa149c3b872722b5357bb962c0a7

powerpc architecture (PowerPC)


Size/MD5 checksum: 632736 47f997aa3cac2d514ec11fba8e7d3709

Size/MD5 checksum: 87560 7b63bd18ce24d663bb097c13d43260b7

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 611600 5871877cc4fbbfc89e9d05718abcf2ba

Size/MD5 checksum: 94226 b4e520c575a3bbe5ffe5a939da37f5b1


Debian 3.0 (stable)
-------------------

Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc.

Source archives:


Size/MD5 checksum: 1528 66425fd9b3184175d22bd054d42e3826

Size/MD5 checksum: 71860 ad8e754da89a07d7cd7932087375dae6

Architecture independent packages:


Size/MD5 checksum: 1962666 97241ff082a952ff7bc1f24cff9fc5e2

Size/MD5 checksum: 16394 b88f843f1cbefbe58c4edf88a5c874f9

alpha architecture (DEC Alpha)


Size/MD5 checksum: 162986 48a041beb743999e8deed6c90bcee001

Size/MD5 checksum: 778250 a118e60347db03acdae167a7255aa517

Size/MD5 checksum: 3633582 6b8adc0cc7df343b709339a73d193dd5

Size/MD5 checksum: 277222 7d1757b438b655ed991ece3fbfad8037

arm architecture (ARM)


Size/MD5 checksum: 2805328 087808428351a2ca3ab84dcccd944ba5

Size/MD5 checksum: 634104 bbfd016f71b5e05bb4ee0c342351bdda

Size/MD5 checksum: 123418 34edad45d226c0c5a87976d51c1ce1a7

Size/MD5 checksum: 237836 5f2e14d6337a442e14d9d0b83fa60134

hppa architecture (HP PA RISC)


Size/MD5 checksum: 3514484 2e8892a4393571055800baf3858117b0

Size/MD5 checksum: 140070 38b206d0f03fa42c45c057e3c8df81e1

Size/MD5 checksum: 743204 0702b3a97454c8619d9eca4fb0b58766

Size/MD5 checksum: 280120 d60043b7f0c5a8aa6fe130ba2e105a12

i386 architecture (Intel ia32)


Size/MD5 checksum: 576164 a3f92e9131b7c8541b79f3f3ecabcba3

Size/MD5 checksum: 2800214 565952264f4b38ce80e6678c7e0d9a06

Size/MD5 checksum: 234180 27d7e77b37fda1f7d5c5d9261d025d67

Size/MD5 checksum: 122022 ef4b669142a35f7ddc12b467def3e3f1

ia64 architecture (Intel ia64)


Size/MD5 checksum: 848116 9b74cdcea1dc751db5b0175b9073fb6f

Size/MD5 checksum: 173286 10e8869167f91a55bd1bbd5b591f4077

Size/MD5 checksum: 3999702 3b89ff5e0f6dc01d2c49ea81bb47216b

Size/MD5 checksum: 314552 a3b22dec9493cc6d5166c9dcbaae2c7b

m68k architecture (Motorola Mc680x0)


Size/MD5 checksum: 227180 28060088157864ce3302508c495103ad

Size/MD5 checksum: 117836 93b975f8476984f3c38ff7227956c5a1

Size/MD5 checksum: 557258 d44ba640f48524fd228e83640817c432

Size/MD5 checksum: 2646250 4ba7c54c2538870af0736bf0892b3415

mipsel architecture (MIPS (Little Endian))


Size/MD5 checksum: 687904 a7edb0c6c681544efe80b6ccef53bafe

Size/MD5 checksum: 133728 3ad484b95777df9ecd80313c9a90e434

Size/MD5 checksum: 250096 ababd7ec2a3ba37fef5022a8ae86ad5b

Size/MD5 checksum: 2838572 c2490489fbc988849d698d32da834014

powerpc architecture (PowerPC)


Size/MD5 checksum: 128922 d619370e667ce3bc2a45068945120592

Size/MD5 checksum: 247206 9dbda1af635543ab661693a093fe5550

Size/MD5 checksum: 652150 07e6bcce2cc77212c0f07e134bcf978f

Size/MD5 checksum: 2822314 c8a11f51b22a0fdfde4b10f76c8958e9

s390 architecture (IBM S/390)


Size/MD5 checksum: 125406 9768f438acb130fcb3e350fc817bd3e2

Size/MD5 checksum: 2636852 88419cbff7d7f340fce97f77ce641aec

Size/MD5 checksum: 597252 ebcbe39245eb05b4d4b779d7b6ee5cee

Size/MD5 checksum: 247538 979c18b2eadff2763555618a8eb08e2c

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 2938592 c52c274e39c46564dfad1dba753e320b

Size/MD5 checksum: 240700 d4b86a37ae837e652f2b0f831e58c53a

Size/MD5 checksum: 129878 487867fdea16986ded6c2f074b33882a

Size/MD5 checksum: 615274 edeb1707bce25a18e131584f37b87d09

--
----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
Debian -- Security Information
Mailing-List: debian-security-announce@lists.debian.org




Severity

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved