Two Major Databases Spring Security Leaks | eWeek
Cybersecurity
PARTAGER
Facebook X Pinterest WhatsApp

Two Major Databases Spring Security Leaks

Écrit par
Lisa Vaas
Lisa Vaas
Oct 1, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Two major databases have sprung security leaks.

The security firm Application Security Inc. reported this week that IBMs DB2 Universal Database and MySQL ABs MySQL open-source database have a total of three vulnerabilities that range from low- to high-risk levels.

The first DB2 weakness is a buffer overflow in db2dart. This entails a UDP service used for discovery of DB2 databases on a network. The UDP service is overwhelmed when more than 20 bytes of information are sent.

All versions of DB2 are affected, although the risk level is only medium. The fix is IBMs FixPak 10a, available here.

DB2s second new weakness is a vulnerability to denial-of-service attacks in its discovery service. This is a service used in turn to locate another service when configuring connections. Again, if a packet larger than 20 bytes comes in to the server, the service shuts down.

This vulnerability also affects all versions of DB2. The second DB2 flaw has a low risk level. The fix is available here.

ASI CTO Aaron Newman told eWeek in an interview that these most recent DB2 flaws dont pose a major threat to enterprises because they entail mere privilege esca-lations. “These were not high vulnerabilities,” said Newman, in New York. “Theyre more privilege esca-lations. Its not something where an anonymous hacker would be able to break in.”

For its part, the MySQL database has potential for a buffer overflow in its “get_salt_from_password” function. This is a serious risk, and it affects all versions of MySQL. According to Newman, a malicious user could grant him- or herself administrative privi-leges and then use the function to trigger a buffer overflow.

It cant, however, be used to give an intruder control of the MySQL database, through which control of the operating system can be gained, Newman said.

MySQL AB has not released a separate patch for this bug, but it is fixed in the latest MySQL database releases 4.0.15 (the current production release) and 3.23.58 (an older production release).

To download 4.0.15, click here. To download 3.23.58, click here.

Discuss this in the eWEEK forum.
Lisa Vaas
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Entreprise

À propos Nous contacter Faire de la publicité

Catégories

Actualités récentes Ressources Intelligence artificielle Vidéo Mégadonnées et analyse Cloud Réseau

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.

Conditions d'utilisation Politique de confidentialité Californie - Ne pas vendre mes informations