Vulnwatch mailing list archives
Multiple MySQL bugs
From: Rain Forest Puppy <rfp () vulnwatch org>
Date: Wed, 22 Jan 2003 01:03:41 +0000 (GMT)
http://www.mysql.com/doc/en/News-3.23.54.html

Below are a few snippets from the MySQL changelog:

- Fixed a bug, that allowed to crash mysqld with a specially crafted packet.
- Fixed a rare crash (double free'd pointer) when altering a temporary table.
- Fixed buffer overrun in libmysqlclient library that allowed malicious MySQL server to crash the client application.
- Fixed security-related bug in mysql_change_user() handling. All users are strongly recommended to upgrade to the version 3.23.54.

Also of note is that the newly released MySQL 4.1 (alpha) series now has support for subselects. That means SQL tampering with MySQL just got more interesting, as you can now run additional queries if you craft your SQL carefully. Prior to version 4.1 you were only limited to manipulating the current query, which usually didn't produce a lot of interesting stuff (besides the occasional 'INTO OUTFILE' or '1==1' clauses).

- rfp