[USN-528-1] MySQL vulnerabilities
Date: Wed, 10 Oct 2007 23:26:30 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-528-1] MySQL vulnerabilities
Message-ID: <20071011062630.GF10703@outflux.net.>
Organization: Ubuntu
===========================================================
Ubuntu Security Notice USN-528-1 October 11, 2007
mysql-dfsg-5.0 vulnerabilities
CVE-2007-2583, CVE-2007-2691, CVE-2007-3780, CVE-2007-3782
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mysql-server-5.0                5.0.22-0ubuntu6.06.5

Ubuntu 6.10:
  mysql-server-5.0                5.0.24a-9ubuntu2.1

Ubuntu 7.04:
  mysql-server-5.0                5.0.38-0ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

ATTENTION: A change was made to the init script for mysql. Now on
start-up, mysql is checked to make sure that the mysql root password is
set. If it is blank, a message is sent to the console and the system
logger alerting that the password is not set, along with instructions
on how to set it. Additionally, you can now use:

  sudo /etc/init.d/mysql reset-password

to set the root mysql user's password.

Details follow:

Neil Kettle discovered that MySQL could be made to dereference a NULL
pointer and divide by zero. An authenticated user could exploit this
with a crafted IF clause, leading to a denial of service. (CVE-2007-2583)

Victoria Reznichenko discovered that MySQL did not always require the
DROP privilege. An authenticated user could exploit this via RENAME
TABLE statements to rename arbitrary tables, possibly gaining additional
database access. (CVE-2007-2691)

It was discovered that MySQL could be made to overflow a signed char
during authentication. Remote attackers could use crafted authentication
requests to cause a denial of service. (CVE-2007-3780)

Phil Anderton discovered that MySQL did not properly verify access
privileges when accessing external tables. As a result, authenticated
users could exploit this to obtain UPDATE privileges to external
tables. (CVE-2007-3782)

In certain situations, when installing or upgrading mysql, there was no
notification that the mysql root user password needed to be set. If the
password was left unset, attackers would be able to obtain unrestricted
access to mysql. This is now checked during mysql start-up.