OpenPKG Security Advisory
OpenPKG-SA-2005.024
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2005.024 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2005.024 Advisory Published: 2008-10-06 23:04 UTC Issue Id (internal): OpenPKG-SI-20051203.01 Issue First Created: 2005-12-03 Issue Last Modified: 2006-11-28 Issue Revision: 06
Subject Name: MySQL Subject Summary: Fast Relational Database Management System Subject Home: http://www.mysql.com/products/mysql/ Subject Versions: * <= 4.1.12 Vulnerability Id: CVE-2005-2558 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service, arbitrary code execution Description: According to a security advisory from Reid Borsuk of Application Security Inc [0], a stack-based buffer overflow exists in the MySQL RDBMS [1]. The buffer overflow allows remote authenticated users who can create user-defined database functions to execute arbitrary code via a long "function_name" field. References: [0] http://www.appsecinc.com/resources/alerts/mysql/2005-002.html [1] http://www.mysql.com/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
Primary Package Name: mysql Primary Package Home: http://openpkg.org/go/package/mysql Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 2.4-SOLID mysql-4.1.12-2.4.0 OpenPKG Community 2.5-SOLID n/a OpenPKG Community CURRENT mysql-4.1.12-20050617 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2.4-SOLID mysql-4.1.12-2.4.1 OpenPKG Community 2.5-SOLID n/a OpenPKG Community CURRENT mysql-4.1.13-20050721
