List:Packagers« Previous MessageNext Message »
From:Lenz Grimmer Date:January 13 2010 1:25pm
Subject:Re: Heads-up: possible remote security vulnerability in MySQL 5.x
View as plain text  
Hi!

Here's a quick update on this issue.

On 01/08/2010 11:07 PM, Lenz Grimmer wrote:

> we've received a note on our general MySQL discussion mailing list about a
> potential remote security vulnerability in MySQL Server 5.x.
> 
> Details are scarce at the moment, Intevydis did not contact us via the
> security@stripped mail alias beforehand about this. Therefore we currently
> can't confirm that it's a real threat.
> 
> We've contacted the author and are trying to get more details about the nature
> of this vulnerability. From the screencast provided it looks as if they were
> able to gain shell access under the user ID the MySQL server usually runs on
> ("mysql" on most Linux systems).
> 
> Apparently they use a buffer overflow for this. The exploit seemingly
> succeeded on Debian Linux systems using MySQL Server version 5.0.51a-24+lenny2
> and a 2.6.26-2 Linux kernel.

We now have some more details on the nature of the bug and it's actually
tracked with a CVE ID already:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484

The buffer overflow requires SSL to be enabled, and only works when using the
YaSSL library (MySQL Servers using OpenSSL are not affected). A patch has been
commited here:

 http://lists.mysql.com/commits/96697

It will be included in the next official releases (starting with 5.1.42). The
related bug report is currently marked private, it will be made public once
the release is out.

 http://bugs.mysql.com/50227

Bye,
	LenZ
-- 
Lenz Grimmer - MySQL Community Relations Manager -  http://de.sun.com/
Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten,  DE
Geschaeftsfuehrer:    Thomas Schroeder, Wolfgang Engels,  Wolf Frenkel
Vorsitz d. Aufsichtsrates: Martin Haering       AG Muenchen: HRB161028


Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc
Thread
Heads-up: possible remote security vulnerability in MySQL 5.xLenz Grimmer8 Jan
  • Re: Heads-up: possible remote security vulnerability in MySQL 5.xLenz Grimmer13 Jan
    • Re: Heads-up: possible remote security vulnerability in MySQL 5.xLenz Grimmer13 Jan