Security and the real world

kris@koehntopp.de (Kristian Köhntopp) — Wed, 26 Apr 2006 22:09:20 +0200

These are the slides I have shown at my security talk (Room F at 11.50am today).

Security and the real world (PDF, 1.4 MB):

Continue reading "Security and the real world"

Heise Security: Buffer Overflow in MySQL

kris@koehntopp.de (Kristian Köhntopp) — Thu, 15 Sep 2005 12:02:25 +0200

Heise Security writes about the UDF Buffer Overflow in MySQL (CAN-2005-2558).

The bug is fixed in 4.0.25, 4.1.13 and 5.0.7 (beta). It is exploitable only if

your MySQL port is reachable,
and you are authenticated,
and you have permission to execute create function. To be able to do this, you need INSERT privilege on the mysql.func table, that is, you usually are already root on your server.

The bug is consequently considered not critical.

System integrators that provide MySQL as part of their distributions are following suit with their respective advisories and provide upgrades.

More background information: The term user defined function describes the ability of the MySQL server to load and execute machine code at run-time within the context of the MySQL server. This code is made available to the end user in the form of SQL functions that can be called in SELECT and other commands. Security is implemented by restricting the pathnames from which code can be loaded, but UDF permission still is an extremely far reaching access right, and is not granted by default to anybody except the DBA.

Should you upgrade? The upgrade to a current version of MySQL is recommended, but is critical in your environment only, if the above three conditions for an exploit are met by users you deem untrustworthy within the terms of your security policy.

MySQL-dump - Security

Security and the real world

Heise Security: Buffer Overflow in MySQL