-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
Advisory number: 	SCOSA-2006.18
Issue date: 		2006 April 09
Cross reference:	fz533383
			CVE-2005-2558 
______________________________________________________________________________


1. Problem Description

	Stack-based buffer overflow in the init_syms function in
	MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
	5.0.7-beta allows remote authenticated users who can create
	user-defined functions to execute arbitrary code via a long
	function_name field.
	
	MySQL is prone to a buffer overflow vulnerability. This issue
	is due to insufficient bounds checking of data supplied as
	an argument in a user-defined function.
	
	This issue could be exploited by a database user with
	sufficient access to create a user-defined function. It may
	also be possible to exploit this issue trhough latent SQL
	injection vulnerabilities in third-party applications that
	use the database as a backend.
	
	Successful exploitation will result in execution of arbitrary
	code in the context of the database server process.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the name CVE-2005-2558 to
	this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			MySQL package


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18


	4.2 Verification

	MD5 (MySQL-5.0.19.pkg) = 4c28fe91016cc1f58cb0c4565839b698

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download MySQL-5.0.19.pkg to the /var/spool/pkg directory
	Download README-MySQL-5.0.19-UW7 to the /tmp directory

	View the MySQL 5.0.19 installation notes in the file
	/tmp/README-MySQL-5.0.19-UW7

	Install the MySQL 5.0.19 package with the command
	# pkgadd -d /var/spool/pkg/MySQL-5.0.19.pkg


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
		http://www.securityfocus.com/bid/14509

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz533383.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


7. Acknowledgments

	Discovery of this vulnerability is credited to Reid Borsuk of
	Application Security Inc.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFEOciAaqoBO7ipriERAj3jAJ9sZSmD2niRFWBgyAlRkbWT7Fz6BgCgmnRF
vPk4arcB3KYZOrTE/hXY2pw=
=MvZC
-----END PGP SIGNATURE-----