oss-sec mailing list archives
CVE id request - mysql
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 5 May 2008 17:16:03 +0200
Hi!

MySQL 4.1.24, 5.0.60, 5.1.24, and 6.0.5 fix an issue allowing an authenticated attacker to gain full access to tables that will be created by another database user in the future, if the attacker can predict the names of such tables (and the MyISAM storage engine is used).

References:
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

Steve, please assign a CVE id. Thanks!

The release notes also mention the following change:

  Security Enhancement: It was possible to force an error message of excessive length which could lead to a buffer overflow. This has been made no longer possible as a security precaution. (Bug#32707)

http://bugs.mysql.com/bug.php?id=32707

According to upstream, there is currently no known exploitation vector for this issue. Error messages are controlled by the server and it is believed that crafted messages can only be provided by modifying system files / binaries, which does not cross a trust boundary.

--
Tomas Hoger / Red Hat Security Response Team