Security holes in MySQL, says German expert

Security holes discovered in the MySQL open-source database and client software could allow an attacker to launch a denial of service attack or gain administrative access to the database server, according to an alert posted by German security company e-matters.

MySQL is a popular database server, with more than four million installations worldwide, supporting high-profile Web sites and business applications.

It can be run on a variety of operating systems including Microsoft's Windows as well as Linux and Unix.

The advisory by e-matters identifies four separate vulnerabilities in the MySQL code, two affecting the MySQL server component and two affecting the MySQL client.

All four vulnerabilities could be used to execute denial of service attacks against the affected MySQL component, exploiting the flaws to crash the server or client.

The vulnerabilities range from buffer overflows that can cause MySQL component crashes to others that could allow malicious code to be read and executed on an affected machine.

One of the server vulnerabilities could also allow an attacker to break into the MySQL root account and compromise the databases running on that server.

Used in combination with each other, the vulnerabilities could allow an attacker to break into a system running the MySQL database server software or elevate his or her access privileges on that system, e-matters said.

The vulnerabilities have been fixed in the latest version of MySQL Database Server, and e-matters is urging users to update their installations.
www.mysql.com/downloads/mysql-3.23.html

A number of software vendors have also issued alerts and software updates covering the MySQL vulnerabilities in their own products.

Guardian Digital issued an advisory encouraging users of its EnGarde Secure Linux product to update their systems to use the patched version of MySQL, as did the makers of Gentoo Linux, a free Linux distribution.
