-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: MySQL: Several vulnerabilities within
                        (lib)MySQL could allow (remote) compromise of client
                        and/or server.
Advisory number:        CSSA-2003-028.0
Issue date:             2003 October 15
Cross reference:        sr884923 fz528337 erg712439 CAN-2003-0780
______________________________________________________________________________


1. Problem Description

        Several vulnerabilities can be exploited by a remote attacker
        to crash the MySQL server or to execute arbitrary code with the
        privileges of the user running the MySQL server.

        Stefan Esser from e-matters GmbH, Germany writes:

        We have discovered two flaws within the MySQL server that can
        be used by any MySQL user to crash the server. Furthermore one
        of the flaws can be used to bypass the MySQL password check or
        to execute arbitrary code with the privileges of the user
        running mysqld.

        We have also discovered an arbitrary size heap overflow within
        the mysql client library and another vulnerability that allows
        to write '^@' to any memory address. Both flaws could allow DOS
        attacks against or arbitrary code execution within anything
        linked against libmysqlclient.

        You can read the full text of Stefan's advisory here:
        http://security.e-matters.de/advisories/042002.html

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2003-0780 to this issue.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to mysql-3.23.58-1.i386.rpm
                                        prior to mysql-client-3.23.58-1.i386.rpm
                                        prior to mysql-devel-3.23.58-1.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to mysql-3.23.58-1.i386.rpm
                                        prior to mysql-client-3.23.58-1.i386.rpm
                                        prior to mysql-devel-3.23.58-1.i386.rpm


3. Solution

        The proper solution is to install the latest packages.
        Many customers find it easier to use the Caldera System Updater,
        called cupdate (or kcupdate under the KDE environment), to update
        these packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-028.0/RPMS

        4.2 Packages

        2e64e2da872e0b49b277784788fe5bf8        mysql-3.23.58-1.i386.rpm
        9325c8c2cb65d962f3d7eea78040ef37        mysql-client-3.23.58-1.i386.rpm
        9afce4b6183764583c5c2fa0f244ff86        mysql-devel-3.23.58-1.i386.rpm

        4.3 Installation

        rpm -Fvh mysql-3.23.58-1.i386.rpm
        rpm -Fvh mysql-client-3.23.58-1.i386.rpm
        rpm -Fvh mysql-devel-3.23.58-1.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-028.0/SRPMS

        4.5 Source Packages

        57d31405c90098587889e2b7b9ec95d6        mysql-3.23.58-1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-028.0/RPMS

        5.2 Packages

        ed1418ce2743267f053089c2f78c10ce        mysql-3.23.58-1.i386.rpm
        c0ecbc192856577cbb8bd26b184b1598        mysql-client-3.23.58-1.i386.rpm
        13322b8bb9f5981a677f9e32f73638c1        mysql-devel-3.23.58-1.i386.rpm

        5.3 Installation

        rpm -Fvh mysql-3.23.58-1.i386.rpm
        rpm -Fvh mysql-client-3.23.58-1.i386.rpm
        rpm -Fvh mysql-devel-3.23.58-1.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-028.0/SRPMS

        5.5 Source Packages

        e89a9235090850adec52d54865b47d0e        mysql-3.23.58-1.src.rpm


6. References

        Specific references for this advisory:

                http://security.e-matters.de/advisories/042002.html
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr884923 fz528337
        erg712439.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories.
        Our advisories are a service to our customers intended to
        promote secure installation and use of SCO products.


8. Acknowledgements

        SCO would like to thank Stefan Esser from e-matters GmbH,
        Germany.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj+N77sACgkQbluZssSXDTH0kACfVAOyoE/5qvBf/zxur8Hga4ji
gDsAn0/U6sLCxT+fupv9AQ4oT7xoGnvI
=HMSW
-----END PGP SIGNATURE-----
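
Added example (not part of the SCO advisory and not SCO tooling): a shell wrapper that checks the downloaded RPMs against the MD5 values in sections 4.2 and 5.2 and only then runs the "rpm -Fvh" commands from sections 4.3 and 5.3. The function names and the script's calling convention are assumptions made for this example, and it assumes md5sum is installed.

```shell
#!/bin/sh
# Added example: verify the advisory's packages before freshening them.
# Usage (assumed): sh script.sh server|workstation DIR_WITH_DOWNLOADED_RPMS

# "MD5 filename" pairs copied from section 4.2 (Server) and 5.2 (Workstation).
SERVER_MANIFEST='2e64e2da872e0b49b277784788fe5bf8 mysql-3.23.58-1.i386.rpm
9325c8c2cb65d962f3d7eea78040ef37 mysql-client-3.23.58-1.i386.rpm
9afce4b6183764583c5c2fa0f244ff86 mysql-devel-3.23.58-1.i386.rpm'
WORKSTATION_MANIFEST='ed1418ce2743267f053089c2f78c10ce mysql-3.23.58-1.i386.rpm
c0ecbc192856577cbb8bd26b184b1598 mysql-client-3.23.58-1.i386.rpm
13322b8bb9f5981a677f9e32f73638c1 mysql-devel-3.23.58-1.i386.rpm'

# verify_packages DIR MANIFEST
# Returns 0 only if every file named in MANIFEST exists in DIR and matches.
verify_packages() {
    dir=$1
    status=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2
            status=1
            continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got, want $want)" >&2
            status=1
        fi
    done <<EOF
$2
EOF
    return $status
}

# update_mysql DIR MANIFEST
# Runs "rpm -Fvh" on each package, but only if the whole set verified.
update_mysql() {
    verify_packages "$1" "$2" || { echo "not installing" >&2; return 1; }
    while read -r sum name; do
        if [ -n "$name" ]; then rpm -Fvh "$1/$name" </dev/null || return 1; fi
    done <<EOF
$2
EOF
}

case "${1:-}" in
    server)      update_mysql "$2" "$SERVER_MANIFEST" ;;
    workstation) update_mysql "$2" "$WORKSTATION_MANIFEST" ;;
esac
```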