Probably a good idea to upgrade MySQL anyway.
Devdas Bhagat

----- Forwarded message from Matt Moore <[EMAIL PROTECTED]> -----

From: Matt Moore <[EMAIL PROTECTED]>
Date: Wed, 02 Oct 2002 16:47:59 +0100
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: wp-02-0003: MySQL Locally Exploitable Buffer Overflow
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2

Westpoint Security Advisory

Title:        MySQL Locally Exploitable Buffer Overflow
Risk Rating:  Medium
Software:     MySQL Database v3.23.49-nt
Platforms:    Win32 (other platforms not tested)
Vendor URL:   www.mysql.com
Author:       Matt Moore <[EMAIL PROTECTED]>
Date:         1st October 2002
Advisory ID#: wp-02-0003
CVE#          CAN-2002-0969

Overview:
=========

The Win32 version of MySQL has a locally exploitable buffer overflow
condition which could allow an attacker to execute code in the context
of the SYSTEM account if MySQL is running as an NT Service (which is the
default).

Details:
========

MySQL reads a configuration file, 'my.ini', from either c:\my.ini or
c:\WINNT\my.ini. The default ACLs for c:\my.ini allow the 'Everyone'
group Full Control. The ACLs for c:\winnt are slightly more restrictive,
but do allow members of the 'Power Users' NT Group write access.

By supplying an overly long string for the 'datadir' parameter in my.ini,
it is possible to overflow a buffer in mysqld-nt.exe, overwriting EIP, and
hence executing arbitrary code in the context of the SYSTEM account.

E.g. Change the entry for 'datadir' from:

datadir=C:/mysql/data

to:

datadir=C:/AAAAAA...AAAA

and restart the MySQL service or reboot the machine.

Vendor Response:
================

Fixed in the 3.23.50 release of MySQL and MySQL 4.0.2

Patch Information:
==================

Upgrade to the latest version from www.mysql.com

This advisory is available online at:

www.westpoint.ltd.uk/advisories/wp-02-0003.txt

----- End forwarded message -----

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
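
An audit for the condition the advisory describes, added here as an example and not part of the original message or of Westpoint's advisory: it checks both my.ini locations for ACL entries that let untrusted accounts modify the file, and for an unusually long datadir value. The 260-character threshold (Windows MAX_PATH), the English-locale account names treated as trusted, and the function names are assumptions; the advisory does not give the size of the overflowed buffer.

```powershell
# Added example: audit the two my.ini locations named in the advisory.
# Assumptions (not from the advisory): the 260-character threshold and the
# English-locale principals listed as trusted.
$Paths   = 'C:\my.ini', 'C:\WINNT\my.ini'
$Trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
$MaxPath = 260

# File rights that let a principal change the file's contents or its ACL.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)
# Inherited ACEs can carry raw generic bits instead of file-specific rights.
$GenericMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Test-WritableAce($Ace) {
    # True when an Allow entry grants write-type access to an untrusted principal.
    if ($Ace.AccessControlType -ne 'Allow') { return $false }
    if ($Trusted -contains $Ace.IdentityReference.Value) { return $false }
    $bits = [int]$Ace.FileSystemRights
    return (($bits -band $WriteMask) -ne 0) -or (($bits -band $GenericMask) -ne 0)
}

function Get-DatadirValues([string[]]$Lines) {
    # Emit the value of every uncommented datadir assignment, quotes stripped.
    foreach ($line in $Lines) {
        if ($line -match '^\s*datadir\s*=\s*(.*?)\s*$') { $Matches[1].Trim('"') }
    }
}

foreach ($path in $Paths) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
        if (Test-WritableAce $ace) {
            "{0}: writable by {1} ({2})" -f $path, $ace.IdentityReference, $ace.FileSystemRights
        }
    }
    foreach ($value in Get-DatadirValues (Get-Content -LiteralPath $path)) {
        if ($value.Length -gt $MaxPath) {
            "{0}: datadir is {1} characters, longer than {2}" -f $path, $value.Length, $MaxPath
        }
    }
}
```

No output means neither file exists or neither finding applies; upgrading to a fixed release, as the advisory states, is still the actual remedy.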
