Slashdot Mirror


Remote hole, DoS in MySQL

Wee writes "I just saw two pretty nasty vulnerabilities in MySQL were announced today by a German company called e-matters. From the announcement: "We have discovered two flaws within the MySQL server that can be used by any MySQL user to crash the server. Furthermore one of the flaws can be used to bypass the MySQL password check or to execute arbitrary code with the privileges of the user running mysqld. We have also discovered an arbitrary size heap overflow within the mysql client library and another vulnerability that allows to write '\0' to any memory address. Both flaws could allow DOS attacks against or arbitrary code execution within anything linked against libmysqlclient." Version 3.23.54 fixes the issues in 3.x. I couldn't find a patched version for the 4.0 beta."

3 of 68 comments

  1. Hold on ... by The Whinger · Score: 4, Insightful

    Whilst it is good that we are made aware of these things, and that e-matters waited for MySQL to release a patched version, it would have been nice if they had waited for the common distributions to catch up as well.

    After all - these bugs are pretty serious.

  2. Re:I'm switching to postgres by Anonymous Coward · Score: 1, Insightful

    Well, it's harder to use, has fewer GUI interfaces, has a bellicose user community, and has less overall support. Why haven't you switched?

  3. Not on front page? by Alizarin Erythrosin · Score: 5, Insightful

    Seeing as how there may be a number of /. readers who might not catch this story but probably should know about it, why isn't it on the front page?

    --
    There are only 10 kinds of people in this world... those who understand binary and those who don't