mhamilton3
Programmer
- Oct 31, 2001
- 129
I have had the following vulnerability reported to me (using a program called FoundScan) and I am trying to find out if this bug was patched, but I can not find any documentation on it. Any suggestions on where I should look. I went to mysql.org and did not have any luck finding if they recongized the problem or if it was fixed.
MySQL allows authorized users to switch to a different user account using the COM_CHANGE_USER command. Inadequate bounds checking allows any password greater than 16 characters that is parsed by COM_CHANGE_USER to cause a buffer overflow condition. Arbitrary data outside the buffer may be executed with elevated privileged or cause the MySQL daemon (mysqld) to crash. This allows attackers with access to a valid account to cause a denial-of-service condition or run arbitrary code on the targeted host.
Vulnerable systems:
MySQL 3.23.53 and earlier
MySQL 4.0 - 4.0.5 a
Any help would be great, thanks
MySQL allows authorized users to switch to a different user account using the COM_CHANGE_USER command. Inadequate bounds checking allows any password greater than 16 characters that is parsed by COM_CHANGE_USER to cause a buffer overflow condition. Arbitrary data outside the buffer may be executed with elevated privileged or cause the MySQL daemon (mysqld) to crash. This allows attackers with access to a valid account to cause a denial-of-service condition or run arbitrary code on the targeted host.
Vulnerable systems:
MySQL 3.23.53 and earlier
MySQL 4.0 - 4.0.5 a
Any help would be great, thanks