Note: This is an archival copy of Security Sun Alert 236703 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019188.1.
Solaris 10 Operating System
Date of Preliminary Release
Date of Resolved Release
Multiple Security Vulnerabilities in MySQL 4.0.x (see below for details)
1. Impact
Multiple security vulnerabilities in the "MySQL" package, an open source database package bundled with Solaris 10 (see mysqld(1)), may result in one or more of the following issues:
1. A stack-based buffer overflow in the "init_syms" function in MySQL 4.0 prior to 4.0.25 may allow remote authenticated users with the ability to create user-defined functions to execute arbitrary code via a long "function_name" field. For additional information see:
2. Contributing Factors
These issues can occur in the following :
For a system to be vulnerable to the issues mentioned above (with the exception of issue number 3), the "MySQL" server daemon (mysqld(1)) must be running on the system. To determine whether the "MySQL" server daemon is running on the system, execute the following command:
$ pgrep -lf mysqld || echo "System is not affected."
3. Symptoms
There are no predictable symptoms that would indicate the described issues have been exploited.
4. Workaround
There is no workaround for these issues.
5. Resolution
These issues are addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
30-Jun-2008: Updated Contributing Factors and Resolution sections. Resolved.