
MySQL Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 15 Feb 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in MySQL, which could be exploited by attackers or malicious users to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise an affected system.

1. Missing permission checks when handling BINLOG statements, which could be exploited by any connected user to obtain elevated privileges.

2. Buffer overflow errors in yaSSL, which could be exploited by remote attackers to crash a vulnerable server or execute arbitrary code.

3. An error when using RENAME TABLE.

4. An error in "ALTER VIEW".

5. An error when using FEDERATED tables.

6. An error when creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options, which could be exploited by malicious users to gain privileges on other tables which have the same name as the partitioned table.

7. A buffer overflow error when displaying an error message, which could potentially be exploited by attackers to crash or compromise an affected server.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • MySQL versions prior to 5.1.23


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Upgrade to MySQL version 5.1.23:
http://dev.mysql.com/downloads/
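
To find which servers still need this upgrade, the version string each server returns from SELECT VERSION() can be compared against 5.1.23. The script below is an added example, not part of the original advisory; the host names and version strings are constructed, and it reads "prior to 5.1.23" literally as a numeric comparison across all release series.

```python
import re

# Fixed release named in the advisory's Solutions section.
FIXED = (5, 1, 23)

# Leading "major.minor.patch" of a server version string. Anything after the
# patch number (letter revisions such as "a", "-rc", "-log", "-community") is
# build metadata and is ignored for the comparison.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(raw):
    """Return (major, minor, patch), or None if the string cannot be parsed."""
    m = _VERSION_RE.match(raw or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(raw):
    """Classify one version string as 'affected', 'fixed' or 'unknown'."""
    v = parse_version(raw)
    if v is None:
        return "unknown"  # never report an unparseable host as safe
    # Tuple comparison is numeric per component, so 5.1.9 sorts before 5.1.23
    # (a plain string comparison would get this wrong).
    return "affected" if v < FIXED else "fixed"


def audit(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts), e.g. collected by
# running SELECT VERSION() on each server.
SAMPLE = {
    "db-01": "5.1.22-rc-log",
    "db-02": "5.1.23-rc",
    "db-03": "5.0.51a-community-nt",
    "db-04": "5.1.9-beta",
    "db-05": "",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{SAMPLE[host] or '<empty>'}\t{status}")
```

Hosts reported as "unknown" returned no usable version string and should be checked by hand rather than assumed to be patched.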


Vulnerability Identifier


Source


Related Link