From security@linux-mandrake.com Tue Mar 22 12:31:59 2005 From: Mandrakelinux Security Team To: bugtraq@securityfocus.com Date: Mon, 21 Mar 2005 17:15:29 -0700 Subject: MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: MySQL Advisory ID: MDKSA-2005:060 Date: March 21st, 2005 Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________ Problem Description: A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL server: If an authenticated user had INSERT privileges on the 'mysql' database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the user running the database server (mysql) (CAN-2005-0709). If an authenticated user had INSERT privileges on the 'mysql' database, it was possible to load a library located in an arbitrary directory by using INSERT INTO mysql.func instead of CREATE FUNCTION. This also would allow the user to execute arbitrary code with the privileges of the user running the database server (CAN-2005-0710). Finally, temporary files belonging to tables created with CREATE TEMPORARY TABLE were handled in an insecure manner, allowing any local user to overwrite arbitrary files with the privileges of the database server (CAN-2005-0711). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: a63c4a586c5ce21eefc68121b8bfcbb7 10.0/RPMS/libmysql12-4.0.18-1.4.100mdk.i586.rpm 91deea11427c50779b5435a952efc7e3 10.0/RPMS/libmysql12-devel-4.0.18-1.4.100mdk.i586.rpm 4150e294ce81935ee7e8844537867f89 10.0/RPMS/MySQL-4.0.18-1.4.100mdk.i586.rpm 1d7343e4ef5363066387fb4249ddf22a 10.0/RPMS/MySQL-Max-4.0.18-1.4.100mdk.i586.rpm 1b96455b734d9f896391041c6a1014d9 10.0/RPMS/MySQL-bench-4.0.18-1.4.100mdk.i586.rpm d4e8ee5ce5608ad9c81905ad4a9b10eb 10.0/RPMS/MySQL-client-4.0.18-1.4.100mdk.i586.rpm d83c85b5417d2c0e96002aa1d162bf35 10.0/RPMS/MySQL-common-4.0.18-1.4.100mdk.i586.rpm 7f206e82f4858c1f5d26e3f45f317320 10.0/SRPMS/MySQL-4.0.18-1.4.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 0ab0bb4f82c8dc3d6194bd6d01136948 amd64/10.0/RPMS/lib64mysql12-4.0.18-1.4.100mdk.amd64.rpm 283f25dfa37b406ac76c724f7d45dfe7 amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.4.100mdk.amd64.rpm 6e796a5b00ee1b450aefe434ccadf437 amd64/10.0/RPMS/MySQL-4.0.18-1.4.100mdk.amd64.rpm bcd3e0ffdd1402ff54a63cc7386a36be amd64/10.0/RPMS/MySQL-Max-4.0.18-1.4.100mdk.amd64.rpm 46b367fcf652e07fccd09d76738a8662 amd64/10.0/RPMS/MySQL-bench-4.0.18-1.4.100mdk.amd64.rpm 76ea0bbb46e2f7af835498759cd991cb amd64/10.0/RPMS/MySQL-client-4.0.18-1.4.100mdk.amd64.rpm db3725e14b8dfd0bd99e0f5ebc645303 amd64/10.0/RPMS/MySQL-common-4.0.18-1.4.100mdk.amd64.rpm 7f206e82f4858c1f5d26e3f45f317320 amd64/10.0/SRPMS/MySQL-4.0.18-1.4.100mdk.src.rpm Mandrakelinux 10.1: c3c557a06d519f6f8e91ba43a9f3d404 10.1/RPMS/libmysql12-4.0.20-3.3.101mdk.i586.rpm 0ada09ca0942df3ac24b54e77d4f1ab7 10.1/RPMS/libmysql12-devel-4.0.20-3.3.101mdk.i586.rpm 051ba4877ed955d2ba10dfa689d4b380 10.1/RPMS/MySQL-4.0.20-3.3.101mdk.i586.rpm ec4c10ff52536c9aba73207d4090878a 10.1/RPMS/MySQL-Max-4.0.20-3.3.101mdk.i586.rpm 8a0df2fc5431d0bea357ff35f99aec64 10.1/RPMS/MySQL-bench-4.0.20-3.3.101mdk.i586.rpm bc0478faf5d4f1c453b3a67143685c82 10.1/RPMS/MySQL-client-4.0.20-3.3.101mdk.i586.rpm 3f87f6fa53b47ab287714df3a7b569cf 10.1/RPMS/MySQL-common-4.0.20-3.3.101mdk.i586.rpm 5eef9940c3b0f16bbe47ef5cf2d87335 10.1/SRPMS/MySQL-4.0.20-3.3.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 7782ecace6685d4070d50983e4b68a26 x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.3.101mdk.x86_64.rpm 23c36f372c0eafad5304fe8a5a91340c x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.3.101mdk.x86_64.rpm d1d378de68e919c70125a26f598bbc9d x86_64/10.1/RPMS/MySQL-4.0.20-3.3.101mdk.x86_64.rpm bef40ae1d0b3d7d2fd02e23675890bf3 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.3.101mdk.x86_64.rpm 33888c8872f94005b83c46ee7a4c0e9e x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.3.101mdk.x86_64.rpm c1d72a2398a4fca7d60efe7f717ddb91 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.3.101mdk.x86_64.rpm 3a8bcfea1e9106510c69c93875cedad3 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.3.101mdk.x86_64.rpm 5eef9940c3b0f16bbe47ef5cf2d87335 x86_64/10.1/SRPMS/MySQL-4.0.20-3.3.101mdk.src.rpm Corporate Server 2.1: 0bc49a4120e6f7218204420787eb2f67 corporate/2.1/RPMS/libmysql10-3.23.56-1.8.C21mdk.i586.rpm 7bb7b42e1872b2e4087f2e9818d3c309 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.8.C21mdk.i586.rpm 23470127e8aa4d0f17d4d4112dbcedfd corporate/2.1/RPMS/MySQL-3.23.56-1.8.C21mdk.i586.rpm 19c2791af702f6642073c545c7e0849b corporate/2.1/RPMS/MySQL-Max-3.23.56-1.8.C21mdk.i586.rpm 8096eb5a826ff1789285a7604ce39d30 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.8.C21mdk.i586.rpm f1276798252c0f5376c263b0e0e18b89 corporate/2.1/RPMS/MySQL-client-3.23.56-1.8.C21mdk.i586.rpm 6e07c7ea6e92b0b0828814648234c9b3 corporate/2.1/SRPMS/MySQL-3.23.56-1.8.C21mdk.src.rpm Corporate Server 2.1/X86_64: 179bb081fc42e1605aee0e0cd4302479 x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.8.C21mdk.x86_64.rpm 0aff7099f82a97b088a42998c8a2be79 x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.8.C21mdk.x86_64.rpm 3c5266fa6cd2bc2ea601b400d7affd27 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.8.C21mdk.x86_64.rpm e50a52624efac2ab7f2ee79a56093a9b x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.8.C21mdk.x86_64.rpm c7d5c09665aa3ba0f93de29b2a825b0f x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.8.C21mdk.x86_64.rpm 4c885f301ed4fa22954a24e86f96e11b x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.8.C21mdk.x86_64.rpm 6e07c7ea6e92b0b0828814648234c9b3 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.8.C21mdk.src.rpm Corporate 3.0: c7b137fde3b84b2135cdb1b1c4b3669c corporate/3.0/RPMS/libmysql12-4.0.18-1.4.C30mdk.i586.rpm 9a1220153597986dcea93655e616985c corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.4.C30mdk.i586.rpm c94748b75420afebba61f3889179ed27 corporate/3.0/RPMS/MySQL-4.0.18-1.4.C30mdk.i586.rpm 4230df255b7e26fdc5352fef47a652dd corporate/3.0/RPMS/MySQL-Max-4.0.18-1.4.C30mdk.i586.rpm f341a2cdbe037f03f1589dd03c32b122 corporate/3.0/RPMS/MySQL-bench-4.0.18-1.4.C30mdk.i586.rpm 23706070a88e7705d65656fb75a38bac corporate/3.0/RPMS/MySQL-client-4.0.18-1.4.C30mdk.i586.rpm 8445d01b3058a678b31d4e4f62f0500f corporate/3.0/RPMS/MySQL-common-4.0.18-1.4.C30mdk.i586.rpm 85f2566dec3dfaea49f5c7220030d13d corporate/3.0/SRPMS/MySQL-4.0.18-1.4.C30mdk.src.rpm Corporate 3.0/X86_64: 64283c6daaaf50e766d98b4fa9281a3d x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.4.C30mdk.x86_64.rpm fcf3a8d2142dc35d83ee537a03b2b69d x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.4.C30mdk.x86_64.rpm 16984a3255ce4b7934b8b479f2a3d744 x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.4.C30mdk.x86_64.rpm f3d128d91d0db42234a0799c17529ef0 x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.4.C30mdk.x86_64.rpm 34ef63c34906f4bb69d2c5a2048ead58 x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.4.C30mdk.x86_64.rpm abeb243d806f4d6026314e0c6323aa27 x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.4.C30mdk.x86_64.rpm 6fe8cd9e5b1d3b784267dcf3b6155438 x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.4.C30mdk.x86_64.rpm 85f2566dec3dfaea49f5c7220030d13d x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.4.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCP2OgmqjQ0CJFipgRAhPMAKCj5D0U2RXZ9BiyDjbr6Ki4Y+D/ZgCgmD0V o4AliAFtO6xTVip03Ze5RIM= =EZ8s -----END PGP SIGNATURE-----