-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
Advisory number:        SCOSA-2006.18.1
Issue date:             2006 May 25
Cross reference:        fz533822 fz533383 CVE-2005-2558
______________________________________________________________________________


1. Problem Description

        Stack-based buffer overflow in the init_syms function in
        MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
        5.0.7-beta allows remote authenticated users who can create
        user-defined functions to execute arbitrary code via a long
        function_name field.

        MySQL is prone to a buffer overflow vulnerability. This
        issue is due to insufficient bounds checking of data
        supplied as an argument in a user-defined function.

        This issue could be exploited by a database user with
        sufficient access to create a user-defined function. It
        may also be possible to exploit this issue through latent
        SQL injection vulnerabilities in third-party applications
        that use the database as a backend.

        Successful exploitation will result in execution of
        arbitrary code in the context of the database server
        process.

        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CVE-2005-2558 to
        this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  MySQL package


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1

        4.2 Verification

        MD5 (MySQL-5.0.19-01.pkg) = ddeae36d8899addd8519460aaf769057

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download MySQL-5.0.19-01.pkg to the /var/spool/pkg directory

        Download README-MySQL-5.0.19-UW7 to the /tmp directory

        View the MySQL 5.0.19-01 installation notes in the file
        /tmp/README-MySQL-5.0.19-UW7

        Install the MySQL 5.0.19-01 package with the command

        # pkgadd -d /var/spool/pkg/MySQL-5.0.19-01.pkg


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
                http://www.securityfocus.com/bid/14509

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents fz533822 and fz533383.


6. Disclaimer

        SCO is not responsible for the misuse of any of the
        information we provide on this website and/or through our
        security advisories. Our advisories are a service to our
        customers intended to promote secure installation and use
        of SCO products.


7. Acknowledgments

        Discovery of this vulnerability is credited to Reid Borsuk
        of Application Security Inc.

        Tim Rice discovered the improper client library symbolic
        links.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)

iD8DBQFEddSPaqoBO7ipriERAm3mAJ4iKLESpoWgWtoE5xD0CvBb35Y2MgCdHyz1
0gfs61e+LaOWqpFY+A9U4TU=
=qriE
-----END PGP SIGNATURE-----