Exploits Circulating for MySQL Flaws

By Ryan Naraine  |  Posted 2005-03-11 Print this article Print

Users of the widely deployed open-source database engine are encouraged to apply patches to avoid code execution attacks.

At least two public exploits are circulating for a trio of vulnerabilities in the open-source MySQL database engine, security experts warned on Friday.

According to alerts released on security mailing lists, the most serious flaw can be exploited by malicious users to compromise a vulnerable system. In some cases, malicious local users could also perform certain actions on a vulnerable system with escalated privileges.

The bugs affect MySQL versions 4.0.23, and 4.1.10 and prior.

MySQL AB, the Swedish company that produces and manages the freely available database, has addressed the flaws in MySQL versions 4.0.24 and 4.1.10a.

Security information aggregator Secunia recommends that customers apply the appropriate patches immediately or limit the privileges granted to untrusted users.

Limiting privileges would protect against the input validation error in the "udf_init()" function that causes the "dl" field of the "mysql.func" table to not be properly sanitized before being used to load libraries, according to Secunia.

This could allow malicious attacker to manipulate the "mysql" administrative database directly via an "Insert into" statement instead of using "Create function."

A recent analysis found MySQL code short on bugs. Click here to read more. According to the advisory, successful exploitation allows loading a malicious library from an arbitrary location, but it requires "Insert" and "Delete" permissions on the "mysql" administrative database.

A separate vulnerability is caused because temporary files are created insecurely with the "Create temporary table" command. The company warned that this can be exploited via symlink attacks to overwrite arbitrary files with the privileges of MySQL.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel