Critical MySQL Flaw Found - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Critical MySQL Flaw Found

User Rating:

How can I rate this item?

Source: eWeek - Posted by Pax Dickinson

A "highly critical" flaw has been reported in MySQL that can be exploited to cause a DoS (Denial of Service) or to execute arbitrary code on the open-source database, according to security alerts aggregator Secunia Inc.

The vulnerability lies in the fact that MySQL uses a vulnerable zlib library. Zlib is a data compression library used to support the compressed protocol and the COMPRESS/UNCOMPRESS functions under Windows.

The error occurs in "inftrees.c" when handling corrupted compressed data streams.

According to Secunia's alert, the flaw can be exploited to crash any application that uses the zlib library. Alternatively, malicious users can execute arbitrary code with privileges of the vulnerable application.

While the flaw was reported in Version 1.2.2, earlier versions may also be at risk.

The solution is to update to MySQL Version 4.1.13. According to a spokesperson for MySQL, the flaw has not been exploited, to the knowledge of MySQL.

Read this full article at eWeek