RHEL 2.1 : mysql (RHSA-2003:282)

Updated MySQL server packages fix a buffer overflow vulnerability. MySQL is a multi-user, multi-threaded SQL database server. Frank Denis reported a bug in unpatched versions of MySQL prior to version 3.23.58. Passwords for MySQL users are stored in the Password field of the user table. Under thi...

CVE-2003-0780

Buffer overflow in getsaltfrompassword from sqlacl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field...

MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow

According to its banner, the version of MySQL installed on the remote host fails to validate the length of a user-supplied password in the 'User' table in the 'getsaltfrompassword' function. Using a specially crafted value for a new password, an authenticated attacker with the 'ALTER DATABASE'...

CVE-2003-0780

CVE-2003-0780 is a buffer overflow in MySQL affecting versions prior to 3.23.58 and 4.0.14-era releases, triggered by a Password field longer than allowed in sql_acl.cc get_salt_from_password. An attacker with ALTER TABLE privileges could potentially execute arbitrary code as the MySQL user. Reme...