Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-381-1:E0AF4
HistorySep 14, 2003 - 2:20 a.m.

[SECURITY] [DSA-381-1] New mysql packages fix buffer overflow

2003-09-1402:20:44
lists.debian.org
8

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.914 High

EPSS

Percentile

98.9%

JSON

Debian Security Advisory DSA 381-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
September 13th, 2003 http://www.debian.org/security/faq

Package : mysql
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0780

MySQL, a popular relational database system, contains a buffer
overflow condition which could be exploited by a user who has
permission to execute "ALTER TABLE" commands on the tables in the
"mysql" database. If successfully exploited, this vulnerability
could allow the attacker to execute arbitrary code with the
privileges of the mysqld process (by default, user "mysql"). Since
the "mysql" database is used for MySQL's internal record keeping, by
default the mysql administrator "root" is the only user with
permission to alter its tables.

For the stable distribution (woody) this problem has been fixed in
version 3.23.49-8.5.

For the unstable distribution (sid) this problem will be fixed soon.
Refer to Debian bug #210403.

We recommend that you update your mysql package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.5.dsc
  Size/MD5 checksum:      886 7107830c1ec314067ce5dc494318d40d
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.5.diff.gz
  Size/MD5 checksum:    61337 0a916715c546b6dcab060063b9d35393
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
  Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.5_all.deb
  Size/MD5 checksum:    16702 ae5d7baf1bd72226740aff1a5de05af6
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
  Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_alpha.deb
  Size/MD5 checksum:   277506 404523a2d8042a221607e6b515f7b9e3
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_alpha.deb
  Size/MD5 checksum:   778546 ba259a789a9079fd64745773833d1912
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_alpha.deb
  Size/MD5 checksum:   163286 7fb3283ba5443e6d34fe1ae8865ae08e
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_alpha.deb
  Size/MD5 checksum:  3634080 35b40744a3e1969697aa32f3d9c01772

ARM architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_arm.deb
  Size/MD5 checksum:   238116 215806b2a8555a4749c81a8b93a4aad3
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_arm.deb
  Size/MD5 checksum:   634422 fd538ea69c4b07c8b16368dca2b68c55
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_arm.deb
  Size/MD5 checksum:   123714 729b51321b3dd0803a3f9a0d22d83ffe
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_arm.deb
  Size/MD5 checksum:  2805762 7334c08c8f9750428dce4e7595e11807

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_i386.deb
  Size/MD5 checksum:   234482 3acfaaccb3b96e8fc570152cc6573440
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_i386.deb
  Size/MD5 checksum:   576440 2afe39ec84c7a7753e3bd932fb0ea1cc
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_i386.deb
  Size/MD5 checksum:   122326 85462ed38b0d51a5775356d8a33fe79c
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_i386.deb
  Size/MD5 checksum:  2800542 aa338ea1e99fe7a577a51d657530485e

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_ia64.deb
  Size/MD5 checksum:   314840 c0ce30c7df2a67be46030ef2996f9450
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_ia64.deb
  Size/MD5 checksum:   848376 b8a00feaa674c14be926711b0bcb70dd
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_ia64.deb
  Size/MD5 checksum:   173564 306addac744ed9d76a4b1a3ed2578f6b
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_ia64.deb
  Size/MD5 checksum:  3999942 7f3ee1c27e7f631e1862db0281a76956

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_hppa.deb
  Size/MD5 checksum:   280402 e7c21784aa4262e7b87c6e7dd7c106f9
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_hppa.deb
  Size/MD5 checksum:   743498 638190fa05f1b6b4f4accd0078a0db23
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_hppa.deb
  Size/MD5 checksum:   140382 fc6d227a8de9d27d499db2ce57d66630
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_hppa.deb
  Size/MD5 checksum:  3514718 bc700968a2326d266a385c1017e9b7aa

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_m68k.deb
  Size/MD5 checksum:   227458 301ee5a393aede312c0c387fbd8d8f10
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_m68k.deb
  Size/MD5 checksum:   557496 5a3a89901ac58539be03dc9306db3940
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_m68k.deb
  Size/MD5 checksum:   118144 c4a8dadc921151d7baf91e68a1db5619
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_m68k.deb
  Size/MD5 checksum:  2646450 54edc48fc5ba4c963311ef2e280b348e

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_mips.deb
  Size/MD5 checksum:   250720 ee73c018988e1ae8ffcecd0dd8488f45
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_mips.deb
  Size/MD5 checksum:   688834 cdf66126cd1ff17780b2b47defb7faa5
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_mips.deb
  Size/MD5 checksum:   133656 2934c95216fd1ff7150d4e271cc5cb6a
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_mips.deb
  Size/MD5 checksum:  2847598 f500c10cafdb159b41af98c7188b1de2

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_mipsel.deb
  Size/MD5 checksum:   250390 816858ee19aaa2428eb33a25cf904331
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_mipsel.deb
  Size/MD5 checksum:   688154 aae88f8a2d76308a5877d6ae3a738f1e
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_mipsel.deb
  Size/MD5 checksum:   134004 5d04ab26e1ebe2be2a9881542b422b92
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_mipsel.deb
  Size/MD5 checksum:  2838974 785721f5b59fbee4628d9fcb2fc4c472

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_powerpc.deb
  Size/MD5 checksum:   247484 3afced55ed34b6eb7466aeb641812251
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_powerpc.deb
  Size/MD5 checksum:   652420 d2fe0c7ad97b934c99806b5924395c14
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_powerpc.deb
  Size/MD5 checksum:   129212 2b19bdbea7c12ce806606db4b2a54fc2
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_powerpc.deb
  Size/MD5 checksum:  2822744 825aba2752f60459586e4eef0b43bfe2

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_s390.deb
  Size/MD5 checksum:   249804 90010b1005ec61befbc21bdb3a725e7f
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_s390.deb
  Size/MD5 checksum:   606890 844d89843417dd94a7a3d60f443708df
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_s390.deb
  Size/MD5 checksum:   126194 029e8fe65e03c5e6a0d9168d532e0d72
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_s390.deb
  Size/MD5 checksum:  2690976 55b0a91c74e10f327be3c1edfe18834b

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_sparc.deb
  Size/MD5 checksum:   241002 3909504647aba0d22e2d13101762cb8e
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_sparc.deb
  Size/MD5 checksum:   615542 72d29f54cd2d0c66e8b6781f947f115c
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_sparc.deb
  Size/MD5 checksum:   130166 9b5e870572608919256b0bb0496d5089
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_sparc.deb
  Size/MD5 checksum:  2939208 ab104dc4342d279713bac3124dfc7b1b

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3allmysql< 3.23.49-8.5mysql_3.23.49-8.5_all.deb
Debian3allmysql-doc< 3.23.49-8.5mysql-doc_3.23.49-8.5_all.deb

Related

nessus 4
cert 1
openvas 2
redhat 1
osv 1
nvd 1
cvelist 1
cve 1
nessus
nessus
RHEL 2.1 : mysql (RHSA-2003:282)
2004-11-10 00:00:00
Debian DSA-381-1 : mysql - buffer overflow
2004-09-29 00:00:00
MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
2003-09-19 00:00:00
cert
cert
MySQL fails to validate length of password field
2003-09-15 00:00:00
openvas
openvas
Debian Security Advisory DSA 381-1 (mysql)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-381)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2003:282) mysql security update
2003-10-09 00:00:00
osv
osv
mysql - buffer overflow
2003-09-13 00:00:00
nvd
nvd
CVE-2003-0780
2003-09-22 04:00:00
cvelist
cvelist
CVE-2003-0780
2003-09-12 04:00:00
cve
cve
CVE-2003-0780
2003-09-22 04:00:00

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.914 High

EPSS

Percentile

98.9%

JSON
Related for DEBIAN:DSA-381-1:E0AF4
nessus4cert1openvas2redhat1osv1nvd1cvelist1cve1