SCO Security Advisory SCOSA-2006.18: UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
68b84e973c6ea54e1edf3013222775891a8039d9d67b376f4b6715d34d4588cb-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
Advisory number: SCOSA-2006.18
Issue date: 2006 April 09
Cross reference: fz533383
CVE-2005-2558
______________________________________________________________________________
1. Problem Description
Stack-based buffer overflow in the init_syms function in
MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
5.0.7-beta allows remote authenticated users who can create
user-defined functions to execute arbitrary code via a long
function_name field.
MySQL is prone to a buffer overflow vulnerability. This issue
is due to insufficient bounds checking of data supplied as
an argument in a user-defined function.
This issue could be exploited by a database user with
sufficient access to create a user-defined function. It may
also be possible to exploit this issue trhough latent SQL
injection vulnerabilities in third-party applications that
use the database as a backend.
Successful exploitation will result in execution of arbitrary
code in the context of the database server process.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2558 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 MySQL package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18
4.2 Verification
MD5 (MySQL-5.0.19.pkg) = 4c28fe91016cc1f58cb0c4565839b698
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download MySQL-5.0.19.pkg to the /var/spool/pkg directory
Download README-MySQL-5.0.19-UW7 to the /tmp directory
View the MySQL 5.0.19 installation notes in the file
/tmp/README-MySQL-5.0.19-UW7
Install the MySQL 5.0.19 package with the command
# pkgadd -d /var/spool/pkg/MySQL-5.0.19.pkg
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
http://www.securityfocus.com/bid/14509
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533383.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
7. Acknowledgments
Discovery of this vulnerability is credited to Reid Borsuk of
Application Security Inc.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFEOciAaqoBO7ipriERAj3jAJ9sZSmD2niRFWBgyAlRkbWT7Fz6BgCgmnRF
vPk4arcB3KYZOrTE/hXY2pw=
=MvZC
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed