-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: MySQL: Several vulnerabilities within (lib)MySQL could allow (remote) compromise of client and/or server.
Advisory number: 	CSSA-2003-028.0
Issue date: 		2003 October 15
Cross reference: 	sr884923 fz528337 erg712439 CAN-2003-0780
______________________________________________________________________________


1. Problem Description

	Several vulnerabilities can be exploited from a remote attacker
	to crash the MySQL server or to execute arbitrary code with the
	privileges of the user running the MySQL server. 
	
	Stefan Esser from e-matters GmbH, Germany writes: 
	
	We have discovered two flaws within the MySQL server that can 
	be used by any MySQL user to crash the server. Furthermore one 
	of the flaws can be used to bypass the MySQL password check or 
	to execute arbitrary code with the privileges of the user 
	running mysqld. 
	
	We have also discovered an arbitrary size heap overflow within 
	the mysql client library and another vulnerability that allows 
	to write '^@' to any memory address. 
	
	Both flaws could allow DOS attacks against or arbitrary code 
	execution within anything linked against libmysqlclient. 
	
	You can read the full text of Stefans advisory
	here: http://security.e-matters.de/advisories/042002.html 

	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the following name CAN-2003-0780 to this issue.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to mysql-3.23.58-1.i386.rpm
					prior to mysql-client-3.23.58-1.i386.rpm
					prior to mysql-devel-3.23.58-1.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to mysql-3.23.58-1.i386.rpm
					prior to mysql-client-3.23.58-1.i386.rpm
					prior to mysql-devel-3.23.58-1.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-028.0/RPMS

	4.2 Packages

	2e64e2da872e0b49b277784788fe5bf8	mysql-3.23.58-1.i386.rpm
	9325c8c2cb65d962f3d7eea78040ef37	mysql-client-3.23.58-1.i386.rpm
	9afce4b6183764583c5c2fa0f244ff86	mysql-devel-3.23.58-1.i386.rpm

	4.3 Installation

	rpm -Fvh mysql-3.23.58-1.i386.rpm
	rpm -Fvh mysql-client-3.23.58-1.i386.rpm
	rpm -Fvh mysql-devel-3.23.58-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-028.0/SRPMS

	4.5 Source Packages

	57d31405c90098587889e2b7b9ec95d6	mysql-3.23.58-1.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-028.0/RPMS

	5.2 Packages

	ed1418ce2743267f053089c2f78c10ce	mysql-3.23.58-1.i386.rpm
	c0ecbc192856577cbb8bd26b184b1598	mysql-client-3.23.58-1.i386.rpm
	13322b8bb9f5981a677f9e32f73638c1	mysql-devel-3.23.58-1.i386.rpm

	5.3 Installation

	rpm -Fvh mysql-3.23.58-1.i386.rpm
	rpm -Fvh mysql-client-3.23.58-1.i386.rpm
	rpm -Fvh mysql-devel-3.23.58-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-028.0/SRPMS

	5.5 Source Packages

	e89a9235090850adec52d54865b47d0e	mysql-3.23.58-1.src.rpm


6. References

	Specific references for this advisory:
		http://security.e-matters.de/advisories/042002.html
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr884923 fz528337
	erg712439.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank Stefan Esser from e-matters GmbH, Germany.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj+N77sACgkQbluZssSXDTH0kACfVAOyoE/5qvBf/zxur8Hga4ji
gDsAn0/U6sLCxT+fupv9AQ4oT7xoGnvI
=HMSW
-----END PGP SIGNATURE-----