Skip to main content

MySQL Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 15 Feb 2008 2513 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in MySQL, which could be exploited by attackers or malicious users to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise an affected system.

1. Missing permission checks when handling BINLOG statements, which could be exploited by any connected user to obtain elevated privileges.

2. Buffer overflow errors in yaSSL, which could be exploited by remote attackers to crash a vulnerable server or execute arbitrary code.

3. An error when using RENAME TABLE.

4. An error in "ALTER VIEW".

5. An error when using FEDERATED tables.

6. An error when creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options, which could be exploited by malicious users to gain privileges on other tables which have the same name as the partitioned table.

7. A buffer overflow error when displaying error message, which could potentially be exploited by attackers to crash or potentially compromise an affected server.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • MySQL versions prior to 5.1.23


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to MySQL version 5.1.23 :
http://dev.mysql.com/downloads/


Vulnerability Identifier


Source


Related Link