ID: 00314
Ref: 289/2005
Date: 14 April 2005:14:50:38
Version: 1
Title: Two Debian Security Advisories: 1. DSA 706-1 - New axel packages fix arbitrary code execution 2. DSA 707-1 - New mysql packages fix several vulnerabilities
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
Title
=====
Two Debian Security Advisories:
1. DSA 706-1 - New axel packages fix arbitrary code execution
2. DSA 707-1 - New mysql packages fix several vulnerabilities
Detail
======
1. Ulf Härnhammar from the Debian Security Audit Project discovered a
buffer overflow in axel, a light download accelerator. When reading
remote input the program did not check whether part of the input could
overflow a buffer and possibly trigger the execution of arbitrary code.
2. Several vulnerabilities have been discovered in MySQL, a popular
database. The Common Vulnerabilities and Exposures project identifies
the following problems:
CAN-2004-0957
Sergei Golubchik discovered a problem in the access handling for
similarly named databases. If a user is granted privileges to a
database with a name containing an underscore ("_"), the user also
gains privileges to other databases with similar names.
CAN-2005-0709
Stefano Di Paola discovered that MySQL allows remote
authenticated users with INSERT and DELETE privileges to execute
arbitrary code by using CREATE FUNCTION to access libc calls.
1.
===========================================================================
ESB-2005.0306 -- Debian Security Advisory DSA 706-1
New axel packages fix arbitrary code execution
14 April 2005
===========================================================================
Product: axel
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
                  Linux variants
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CAN-2005-0390
Original Bulletin: http://www.debian.org/security/2005/dsa-706
--------------------------BEGIN INCLUDED TEXT--------------------
--------------------------------------------------------------------------
Debian Security Advisory DSA 706-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 13th, 2005                        http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : axel
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0390
BugTraq ID : 13059
Ulf Härnhammar from the Debian Security Audit Project discovered a
buffer overflow in axel, a light download accelerator. When reading
remote input the program did not check whether part of the input could
overflow a buffer and possibly trigger the execution of arbitrary code.
For the stable distribution (woody) this problem has been fixed in
version 1.0a-1woody1.
For the unstable distribution (sid) this problem has been fixed in
version 1.0b-1.
We recommend that you upgrade your axel package.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
--------------------------------
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--------------------------END INCLUDED TEXT--------------------
2.
===========================================================================
ESB-2005.0307 -- Debian Security Advisory DSA 707-1
New mysql packages fix several vulnerabilities
14 April 2005
===========================================================================
Product: mysql
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
                  Linux variants
                  UNIX variants
                  Windows
Impact:           Execute Arbitrary Code/Commands
                  Inappropriate Access
                  Overwrite Arbitrary Files
Access: Existing Account
CVE Names: CAN-2005-0711 CAN-2005-0710 CAN-2005-0709 CAN-2004-0957
Original Bulletin: http://www.debian.org/security/2005/dsa-707
--------------------------BEGIN INCLUDED TEXT--------------------
--------------------------------------------------------------------------
Debian Security Advisory DSA 707-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 13th, 2005                        http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : mysql
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0957
BugTraq ID : 12781
Debian Bug : 285276 296674 300158
Several vulnerabilities have been discovered in MySQL, a popular
database. The Common Vulnerabilities and Exposures project identifies
the following problems:
CAN-2004-0957
Sergei Golubchik discovered a problem in the access handling for
similarly named databases. If a user is granted privileges to a
database with a name containing an underscore ("_"), the user also
gains privileges to other databases with similar names.
CAN-2005-0709
Stefano Di Paola discovered that MySQL allows remote
authenticated users with INSERT and DELETE privileges to execute
arbitrary code by using CREATE FUNCTION to access libc calls.
CAN-2005-0710
Stefano Di Paola discovered that MySQL allows remote authenticated
users with INSERT and DELETE privileges to bypass library path
restrictions and execute arbitrary libraries by using INSERT INTO
to modify the mysql.func table.
CAN-2005-0711
Stefano Di Paola discovered that MySQL uses predictable file names
when creating temporary tables, which allows local users with
CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via
a symlink attack.
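As an added example (not code from the advisory, from Debian or from MySQL), the following Python models the LIKE-style match MySQL applies to the Db column of its grant table and audits a set of constructed grant rows for the over-reach described under CAN-2004-0957; the user names, hosts and database names are made up. Escaping the underscore in the GRANT (as `shop\_prod` in the sample) is the documented way to make the database name literal.

```python
"""Added example, not code from the advisory or from MySQL: models the LIKE-style
match MySQL applies to the Db column of its grant table, so grant rows whose
unescaped '_' or '%' reach more databases than intended (CAN-2004-0957) can be
found. All grant rows and database names here are constructed."""
from typing import Dict, List

WILD_ONE, WILD_MANY, ESCAPE = "_", "%", "\\"


def wild_compare(pattern: str, name: str) -> bool:
    """LIKE-style match: '_' is exactly one character, '%' any run (or none),
    and a backslash makes the following character literal."""
    p = n = 0
    while p < len(pattern):
        c = pattern[p]
        if c == WILD_MANY:
            # Let '%' absorb zero or more characters, then match the rest.
            rest = pattern[p + 1:]
            return any(wild_compare(rest, name[k:]) for k in range(n, len(name) + 1))
        if n >= len(name):
            return False
        if c == ESCAPE and p + 1 < len(pattern):
            p, c = p + 1, pattern[p + 1]  # escaped: compare the next char literally
        elif c == WILD_ONE:
            c = name[n]  # '_' accepts whatever single character is there
        if name[n] != c:
            return False
        p += 1
        n += 1
    return n == len(name)


def escape_db_name(name: str) -> str:
    """Escape wildcard characters so a GRANT on this name is literal."""
    return (name.replace(ESCAPE, ESCAPE * 2)
                .replace(WILD_ONE, ESCAPE + WILD_ONE)
                .replace(WILD_MANY, ESCAPE + WILD_MANY))


def audit_grants(grants: List[Dict[str, str]], databases: List[str]) -> Dict[str, List[str]]:
    """Return grants ('user@host -> Db') whose Db pattern matches more than one database."""
    over_broad: Dict[str, List[str]] = {}
    for row in grants:
        matched = [db for db in databases if wild_compare(row["Db"], db)]
        if len(matched) > 1:
            over_broad[f"{row['User']}@{row['Host']} -> {row['Db']}"] = matched
    return over_broad


# Constructed sample: rows as stored in mysql.db (Host, User, Db) and live databases.
SAMPLE_GRANTS = [
    {"Host": "localhost", "User": "app", "Db": "shop_prod"},    # unescaped '_'
    {"Host": "localhost", "User": "ops", "Db": "shop\\_prod"},  # escaped: literal name
    {"Host": "%", "User": "backup", "Db": "shop%"},            # deliberate wildcard
]
SAMPLE_DATABASES = ["shop_prod", "shop-prod", "shop1prod", "shopXprod", "shop_test", "mysql"]
```

Calling `audit_grants(SAMPLE_GRANTS, SAMPLE_DATABASES)` flags the `app` and `backup` rows but not the escaped `ops` row; the model ignores case folding and Host/User matching, so treat its output as grants to review rather than a verdict.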
For the stable distribution (woody) these problems have been fixed in
version 3.23.49-8.11.
For the unstable distribution (sid) these problems have been fixed in
version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of
mysql-dfsg-4.1.
We recommend that you upgrade your mysql packages.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
--------------------------------
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
--------------------------END INCLUDED TEXT--------------------