[cumbria_lug] Re[3]: [Cumbria] Mandrake 9.1

Luke Antins cumbria at mailman.lug.org.uk
Fri May 2 22:24:01 2003


Eve.

I hardly think it's fair to be pointing out issues like this, we all know
most software you use on production systems has security flaws come up at
some point, and due to the nature of open source they can be fixed within
hours of it happening (openssh for example).

Good sys admins would know about security issues affecting every bit of
software on their systems when they are found and will have them patched
as soon as possible.

Regarding CAN-2003-0073, this issue was fixed in 3.23.55.
<quote>
Fixed double free'd pointer bug in mysql_change_user() handling, that
enabled a specially hacked version of MySQL client to crash mysqld. Note,
that one needs to login to the server by using a valid user account to be
able to exploit this bug.
</quote>

I can remember a patch being released around the start of January for this
(before a lot of sites published the bug).

Regarding CAN-2003-0150, this issue was fixed in 3.23.56.
<quote>
Security enhancement: `mysqld' no longer reads options from
world-writeable config files.

Security enhancement: `mysqld' and `safe_mysqld' now only use the first
--user option specified on the command line. (Normally this comes from
`/etc/my.cnf')
</quote>

I really don't think posting some bugs that were found in MySQL is a good
argument for its security, even PostgreSQL gets security related bugs.

--
Kind Regards
Luke Antins

On Fri, 2 May 2003, Ian Linwood wrote:

> Hello Luke,
>
> Saturday, April 12, 2003, 10:11:20 PM, you wrote:
>
> > Why is it hard or impossible to make MySQL secure? I'd be very interested
> > to know what makes it so insecure.
>
> Rekindling old flame (ok, ok, I'm bored)
>
> A double-free vulnerability in mysqld, for MySQL before version 3.23.55,
> allows attackers with MySQL access to cause a denial of service (crash) by
> creating a carefully crafted client application. The Common
> Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
> CAN-2003-0073 to this issue.
>
> MySQL 3.23.55 and earlier creates world-writable files and allows mysql
> users to gain root privileges by using the "SELECT * INFO OUTFILE" operator
> to overwrite a configuration file and cause mysql to run as root upon
> restart. The Common Vulnerabilities and Exposures project (cve.mitre.org/)
> has assigned the name CAN-2003-0150 to this issue.
>
> --
> Best regards,
>  Ian                            mailto:ian@darksideofthemoon.org.uk
>
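
Added example, not part of the original thread or of MySQL's own code: a shell audit for the two conditions the 3.23.56 changelog entries quoted above address, a world-writable option file and a `user` setting in `[mysqld]` that asks for root or appears more than once. The function names are made up for this example, and treating a repeated `user=` line as a finding is an assumption; `/etc/my.cnf` is the path the changelog names.

```shell
#!/bin/sh
# Added example: audit a MySQL option file for the conditions behind
# CAN-2003-0150 (world-writable file, unexpected user= in [mysqld]).
# Function names are hypothetical, chosen for this example.

# Succeed (exit 0) if FILE is a regular file writable by "other".
is_world_writable() {
    [ -n "$(find "$1" -prune -type f -perm -0002 2>/dev/null)" ]
}

# Print each user= value from the [mysqld] section(s) of FILE, in file order.
mysqld_users() {
    awk '
        /^[ \t]*\[/ { in_sect = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sect && /^[ \t]*user[ \t]*=/ {
            sub(/^[ \t]*user[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print
        }
    ' "$1"
}

# Print one line per finding for FILE; the return status is the finding count.
audit_cnf() {
    findings=0
    if is_world_writable "$1"; then
        echo "$1: world-writable, any local account can add options"
        findings=$((findings + 1))
    fi
    users=$(mysqld_users "$1")
    count=$(printf '%s\n' "$users" | awk 'NF { n++ } END { print n + 0 }')
    # Assumption: a second user= line in [mysqld] is worth a manual look.
    if [ "$count" -gt 1 ]; then
        echo "$1: $count user= lines in [mysqld]"
        findings=$((findings + 1))
    fi
    if printf '%s\n' "$users" | grep -qx root; then
        echo "$1: [mysqld] sets user=root"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Audit any files named on the command line, e.g. sh audit.sh /etc/my.cnf
for f in "$@"; do
    audit_cnf "$f" || true
done
```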