Secunia Research Advisory - A vulnerability in MySQL version 4.0.14 and below, caused by a boundary error when checking passwords before hashing and storing them in the User table, can be exploited by malicious users to escalate their privileges by supplying a value longer than 16 characters using set password.
TITLE:
MySQL Set Password Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA9709
VERIFY ADVISORY:
http://www.secunia.com/advisories/9709/
CRITICAL:
Not critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
MySQL 3.x
MySQL 4.x
DESCRIPTION:
A vulnerability has been identified in MySQL, which can be exploited
by malicious users to escalate their privileges on a vulnerable
system.

The vulnerability is caused by a boundary error when checking
passwords before hashing and storing them in the "User" table. This
can be exploited to cause a buffer overflow by supplying a value
longer than 16 characters using "set password".

Successful exploitation allows malicious MySQL users with global
administrative privileges to execute arbitrary code on the system
with the privileges of the MySQL server.

The vulnerability has been reported in versions 4.0.14 and 3.0.57.
However, prior versions may also be affected.
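
The kind of boundary check whose absence is described above, as an added example (not MySQL source code and not part of the Secunia advisory). It assumes the pre-4.1 hash layout of 16 hex characters decoded into two 32-bit words; decode_stored_hash and hex_val are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>

#define OLD_HASH_HEX_LEN 16   /* assumed: pre-4.1 hash is 16 hex characters */
#define SALT_WORDS 2          /* assumed: decoded as two 32-bit words */

/* Hypothetical helper: value of one hex digit, or -1 if not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Decode a stored password value into salt[SALT_WORDS].
 * Returns 0 on success, -1 if the value is not exactly 16 hex digits.
 * A decoder that loops until the terminating NUL without this check
 * writes past salt[1] for any value longer than 16 characters.
 */
int decode_stored_hash(const char *stored, unsigned long salt[SALT_WORDS])
{
    size_t i;

    if (stored == NULL || salt == NULL)
        return -1;

    /* Bounded length scan: stop one character past the limit at most. */
    for (i = 0; i <= OLD_HASH_HEX_LEN && stored[i] != '\0'; i++)
        ;
    if (i != OLD_HASH_HEX_LEN)
        return -1;

    salt[0] = salt[1] = 0;
    for (i = 0; i < OLD_HASH_HEX_LEN; i++) {
        int v = hex_val((unsigned char)stored[i]);
        if (v < 0)
            return -1;               /* reject non-hex input */
        /* i / 8 is 0 or 1 here, so the write stays inside salt[] */
        salt[i / 8] = (salt[i / 8] << 4) | (unsigned long)v;
    }
    return 0;
}
```
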
SOLUTION:
Update to version 4.0.15:
http://www.mysql.com/downloads/mysql-4.0.html
REPORTED BY / CREDITS:
Frank Denis (Jedi/Sector One)
ORIGINAL ADVISORY:
http://lists.mysql.com/list.php?list=announce&post=168
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------