Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: 202310-12 Important: PostgreSQL Remote Code Execution Vulnerability

gentoo
Calendar Grey September 15, 2003
Dist Gentoo Esm H88
- - - --------------------------------------------------------------------- GENTOO LINUX SECURITY AN
Anyone with global administrative privileges on a MySQL server may execute arbitrary code even on a host he isn't supposed to have a shell on, with the privileges of the system acc...

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200309-08
    FIXED VERSION : >=mysql-3.23.57-r1 >=mysql-4.0.13-r4 >=mysql-4.0.14-r2(masked)


quote from advisory:

"Anyone with global administrative privileges on a MySQL server may 
execute arbitrary code even on a host he isn't supposed to have a shell 
on, with the privileges of the system account running the MySQL server."

read the full advisory at: 


SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/mysql upgrade to either one of these versions:

3.23.x - mysql-3.23.57-r1
4.0.x  - mysql-4.0.13-r4 OR
         mysql-4.0.14-r2 if accepting "~" keywords.

emerge sync
emerge \=dev-db/mysql/
emerge clean

aliz@gentoo.org - GnuPG key is available at   
solar@gentoo.org

Topics%20covered

Topics Covered

security advisory gentoo buffer overflow remote exploit software update mysql critical severity

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
important
Lowest
Low
Medium
High
Critical

PACKAGE : mysql
SUMMARY : buffer overflow
DATE : 2003-09-15 10:00 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <mysql-3.23.57-r1 =mysql-4.0.14-r2(masked)
CVE : CAN-2003-0780

Topics%20covered

Topics Covered

security advisory gentoo buffer overflow remote exploit software update mysql critical severity

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here