Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: lnx5968.htm

MySQL DoS via double-free() bug



4th Feb 2003 [SBWID-5968]
COMMAND

	MySQL DoS via double-free() bug

SYSTEMS AFFECTED

	All MySQL before 3.23.55 ?

PROBLEM

	In Mandrake security advisory [MDKSA-2003:013] :
	
	Aleksander Adamowski informed MandrakeSoft  that  the  MySQL  developers
	fixed a DoS vulnerability in the recently released  3.23.55  version  of
	MySQL. A double free() pointer bug in the  mysql_change_user()  handling
	would allow a specially hacked mysql client to  crash  the  main  mysqld
	server. This vulnerability can only be exploited  by  first  logging  in
	with a valid user account. see :
	
	 http://www.mysql.com/doc/en/News-3.23.55.html
	
	

SOLUTION

	Get MySQL v3.23.55


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH