Author: paul
Date: 2010-05-11 18:47:28 +0200 (Tue, 11 May 2010)
New Revision: 20554
Log:
r58842@frost: paul | 2010-05-11 11:44:35 -0500
Revise changelog entries
Modified:
trunk/dynamic-docs/changelog/mysqld-2.xml
Property changes on: trunk
___________________________________________________________________
Name: svk:merge
- 07c7e7b4-24e3-4b51-89d0-6dc09fec6bec:/mysqldoc-local/mysqldoc/trunk:35498
07c7e7b4-24e3-4b51-89d0-6dc09fec6bec:/mysqldoc-local/trunk:38898
4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:43968
4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/trunk:44480
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:58839
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:39036
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/trunk:39546
+ 07c7e7b4-24e3-4b51-89d0-6dc09fec6bec:/mysqldoc-local/mysqldoc/trunk:35498
07c7e7b4-24e3-4b51-89d0-6dc09fec6bec:/mysqldoc-local/trunk:38898
4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:43968
4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/trunk:44480
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:58842
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:39036
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/trunk:39546
Modified: trunk/dynamic-docs/changelog/mysqld-2.xml
===================================================================
--- trunk/dynamic-docs/changelog/mysqld-2.xml 2010-05-11 16:47:15 UTC (rev 20553)
+++ trunk/dynamic-docs/changelog/mysqld-2.xml 2010-05-11 16:47:28 UTC (rev 20554)
Changed blocks: 2, Lines Added: 28, Lines Deleted: 4; 2230 bytes
@@ -14191,10 +14191,31 @@
<message>
<para>
- <literal>COM_FIELD_LIST</literal> could be abused to bypass
- table level privileges.
+ The server failed to check the table name argument of a
+ <literal>COM_FIELD_LIST</literal> command packet for validity
+ and compliance to acceptable table name standards. This could be
+ exploited to bypass almost all forms of checks for privileges
+ and table-level grants by providing a specially crafted table
+ name argument to <literal>COM_FIELD_LIST</literal>.
</para>
+ <para>
+ In MySQL 5.0 and above, this allowed an authenticated user with
+ <literal role="priv">SELECT</literal> privileges on one table to
+ obtain the field definitions of any table in all other databases
+ and potentially of other MySQL instances accessible from the
+ server's file system.
+ </para>
+
+ <para>
+ Additionally, for MySQL version 5.1 and above, an authenticated
+ user with <literal role="priv">DELETE</literal> or
+ <literal role="priv">SELECT</literal> privileges on one table
+ could delete or read content from any other table in all
+ databases on this server, and potentially of other MySQL
+ instances accessible from the server's file system.
+ </para>
+
</message>
</logentry>
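Review bot: In the third added paragraph, "could delete or read content from any other table in all databases on this server, and potentially of other MySQL instances" breaks parallelism, since "of" has no noun to attach to after "from any other table". Suggest "from any other table in any database on this server, and potentially from tables of other MySQL instances accessible from the server's file system". In the first paragraph, "compliance to" should read "compliance with", and "almost all forms of checks" is vague for a security entry; either name the checks that still applied or drop "almost". The version wording also differs between paragraphs ("In MySQL 5.0 and above" against "for MySQL version 5.1 and above"), so pick one form. The two added blank "+" lines before the closing message tag look unintentional. Finally, the entry now describes only the failure; a closing sentence saying what the server does with the table name argument as of this release would tell administrators what changed.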
@@ -14219,8 +14240,11 @@
<message>
<para>
- <literal>COM_FIELD_LIST</literal> could be abused to cause a
- server stack overflow, resulting in a crash or code exploit.
+ The server was susceptible to a buffer-overflow attack due to a
+ failure to perform bounds checking on the table name argument of
+ a <literal>COM_FIELD_LIST</literal> command packet. By sending
+ long data for the table name, a buffer is overflown, which could
+ be exploited by an authenticated user to inject malicious code.
</para>
</message>
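Review bot: The rewritten paragraph drops the "resulting in a crash" outcome and the "stack" qualifier that the removed lines carried, so readers no longer learn that a server crash is a possible result of this bug; consider keeping both. The sentence "By sending long data for the table name, a buffer is overflown" has a dangling participle and shifts from past tense ("was susceptible") to present; suggest "By sending long data for the table name, an authenticated user could overflow a buffer, which could crash the server or be exploited to inject malicious code". As in the previous entry, a sentence stating the corrected behaviour (that the length of the table name argument is now checked, if that is the fix) would complete the changelog entry.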