Hi!

Here's a quick update on this issue.

On 01/08/2010 11:07 PM, Lenz Grimmer wrote:
> we've received a note on our general MySQL discussion mailing list about a
> potential remote security vulnerability in MySQL Server 5.x.
>
> Details are scarce at the moment, Intevydis did not contact us via the
> security@stripped mail alias beforehand about this. Therefore we currently
> can't confirm that it's a real threat.
>
> We've contacted the author and are trying to get more details about the nature
> of this vulnerability. From the screencast provided it looks as if they were
> able to gain shell access under the user ID the MySQL server usually runs on
> ("mysql" on most Linux systems).
>
> Apparently they use a buffer overflow for this. The exploit seemingly
> succeeded on Debian Linux systems using MySQL Server version 5.0.51a-24+lenny2
> and a 2.6.26-2 Linux kernel.

We now have some more details on the nature of the bug and it's actually
tracked with a CVE ID already:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484

The buffer overflow requires SSL to be enabled, and only works when using the
YaSSL library (MySQL Servers using OpenSSL are not affected). A patch has been
committed here:

http://lists.mysql.com/commits/96697

It will be included in the next official releases (starting with 5.1.42). The
related bug report is currently marked private; it will be made public once
the release is out.

http://bugs.mysql.com/50227

Bye,
LenZ
--
Lenz Grimmer - MySQL Community Relations Manager - http://de.sun.com/
Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten, DE
Geschaeftsfuehrer: Thomas Schroeder, Wolfgang Engels, Wolf Frenkel
Vorsitz d. Aufsichtsrates: Martin Haering AG Muenchen: HRB161028