-----BEGIN PGP SIGNED MESSAGE-----
MySQL 4.0.7, a new version of the popular Open Source Database, has been
released. It is now available in source and binary form for a number of
platforms from our download pages at http://www.mysql.com/downloads/ and
Around the time MySQL 4.0.6 was ready to be released to fix the security
vulnerabilities that have been reported to us by eMatters GmbH, we were
informed about another potential security vulnerability. Because the 4.0.6
builds were almost completed at this point, and we wanted to get these out
to fix the already widely known security issues, we decided to resolve
this vulnerability for MySQL 4.0.7 instead and release it immediately
after MySQL 4.0.6.
Users that use previous versions of MySQL 4.0 in an untrusted multi-user
environment (e.g. ISPs providing database hosting) are encouraged to
update to MySQL 4.0.7 as soon as possible.
Please note, that this new vulnerability does only affect MySQL 4.0 -
MySQL 3.23 is not affected by this bug.
A short description of the vulnerability:
o MySQL 4.0 did not properly check the user's privileges when receiving
the (deprecated) client function call mysql_drop_db() to drop the
o This allowed any user to arbitrary drop any database, if he was able
to log in as a valid user and his MySQL client application used the
obsolete mysql_drop_db() function call instead of the "DROP DATABASE"
o When using "DROP DATABASE", the user's privileges were always verified
correctly before dropping the database.
o This bug can not be exploited without a valid MySQL user account -
it is not possible for an anonymous remote attacker to perform this
o So far, we are only aware of one client application that still uses
this function call.
o The "mysql" client application provided with the MySQL distribution
as well as the MySQL Control Center cannot be used to exploit this
o No data was compromised from other users' databases - this bug did not
affect the privileges required to actually read data from other
databases or tables.
o If logging was enabled (e.g. by using the "--log" or "--log-bin"
command line switches), the operation was also logged by the MySQL
server, including the user and host name (if "--log" was used).
We would like to thank Gary Huntress for making us aware of this problem.
News from the MySQL 4.0.7 ChangeLog:
Functionality added or changed:
* `mysqlbug' now also reports the compiler version used for building
the binaries (if the compiler supports the option `--version').
* Fixed compilation problems on OpenUnix and HPUX 10.20.
* Fixed some optimisation problems when compiling MySQL with
`-DBIG_TABLES' on a 32 bit system.
* `mysql_drop_db()' didn't check permissions properly so anyone could
drop another users database. `DROP DATABASE' is checked properly.
* It is quite possible that not all mirror sites have picked up
the Linux RPM packages yet, because the were added some time after
the other binary packages.
* Due to a hardware failure, we are currently unable to provide
Solaris 2.7 binaries - we apologize for any inconveniences that
may cause you. Some users reported, that the Solaris 2.8 package
worked for them on Solaris 2.7, too - so you might want to give
that a try. We are working on setting up a new Solaris 2.7 build
system and hope to have it available for future releases again.
Happy New Year!
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer <lenz@stripped>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
|• MySQL 4.0.7 is released||Lenz Grimmer||27 Dec|