Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > May 2006 > Two AusCERT Alerts: 1. AL-2006.0032 - Firefox vulnerability may allow remote code execution 2. AL-2006.0033 - MySQL vulnerabilities allow information disclosure and remote code execution

May 2006

Two AusCERT Alerts: 1. AL-2006.0032 - Firefox vulnerability may allow remote code execution 2. AL-2006.0033 - MySQL vulnerabilities allow information disclosure and remote code execution

ID: 00328
Ref: 323/2006
Date: 04 May 2006:14:15:25
Version: 1
Title: Two AusCERT Alerts: 1. AL-2006.0032 - Firefox vulnerability may allow remote code execution 2. AL-2006.0033 - MySQL vulnerabilities allow information disclosure and remote code execution
Abstract:
Vendors affected: AusCERT
Operating systems affected: AusCERT
Applications affected: AusCERT
Title
=====

Two AusCERT Alerts:

1. AL-2006.0032 - Firefox vulnerability may allow remote code execution

2. AL-2006.0033 - MySQL vulnerabilities allow information disclosure and remote
code execution

Detail
======

1. Mozilla Firefox contains a vulnerability that may allow a remote
attacker to execute arbitrary code or create a denial of service
condition.

2. MySQL contains several vulnerabilities which may allow for
unauthenticated information disclosure and the execution of arbitrary
code by a remote, authenticated user.
Proof of concept code exploiting these vulnerabilities has been publicly
released, which may indicate an increased likelihood of attempted compromise.




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A U S C E R T A L E R T

AL-2006.0032 -- AUSCERT ALERT
[Win][UNIX/Linux]
Firefox vulnerability may allow remote code execution
4 May 2006

===========================================================================

AusCERT Alert Summary
---------------------

Product: Firefox 1.5 to 1.5.0.2
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-1993

OVERVIEW:

Mozilla Firefox contains a vulnerability that may allow a remote
attacker to execute arbitrary code or create a denial of service
condition.


IMPACT:

An attacker may be able to execute arbitrary code by convincing a user
to visit a specially crafted web site employing the
contentWindow.focus() method [1].


MITIGATION:

* Update Firefox to version 1.5.0.3 [2].

* The Mozilla Foundation advises [3] that JavaScript may be disabled as
a temporary workaround.


REFERENCES:

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993
[2] http://www.mozilla.com/firefox/releases/1.5.0.3.html
[3] http://www.mozilla.org/security/announce/2006/mfsa2006-30.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192


iQCVAwUBRFlQeCh9+71yA2DNAQLEqQP/URfiJIrFnAYiSM8LsuhSRx7Jg5qmVshN
SDFZtCn64niTARpCC4Nx8KpFYTSjJu+2mBtbugfLiEArN38ZhTf9nP3r5NBsuem1
fMPWPGxWhsZ7xIauVSmfXjKGTp1k25DVu5ZWLquimfXwJ24adPcxwBvgxzKXBfy+
vxfyeYWEkUI=
=gk/L
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A U S C E R T A L E R T

AL-2006.0033 -- AUSCERT ALERT
[Win][UNIX/Linux]
MySQL vulnerabilities allow information disclosure and
remote code execution
4 May 2006

===========================================================================

AusCERT Alert Summary
---------------------

Product: MySQL 5.x.x
MySQL 4.x.x
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Execute Arbitrary Code/Commands
Inappropriate Access
Access: Remote/Unauthenticated

OVERVIEW:

MySQL contains several vulnerabilities which may allow for
unauthenticated information disclosure and the execution of arbitrary
code by a remote, authenticated user.

Proof of concept code exploiting these vulnerabilities has been publicly
released, which may indicate an increased likelihood of attempted
compromise.


IMPACT:

Several impacts have been reported:

* An unauthenticated remote user sending a specially crafted login or
COM_TABLE_DUMP packets may be able to read uninitialised memory,
potentially leading to information disclosure.

* An authenticated remote user using a specially crafted COM_TABLE_DUMP
packet may be able to execute arbitrary code on a MySQL server.
This vulnerability exists in MySQL 5.x.x.


MITIGATION:

* Upgrade to MySQL 5.0.21 [1], 5.1.10 [2] or 4.1.19 [3]. Versions
5.1.10 and 4.1.19 were unreleased at the time of writing.

* Network administrators may wish to review network access to MySQL
installations, limiting access as appropriate.


REFERENCES:

[1] http://dev.mysql.com/doc/connector/j/en/news-5-0-21.html
[2] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
[3] http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192

iQCVAwUBRFlpsCh9+71yA2DNAQL2jQP/X1+mt2vUDoPl9X7nHUfkUuqCf12b9b3+
nGmz/4viAXArGWpftZWK2SF/ehx2IfcaoJboLYiAgmmA2n/9O9eVklkD1e72M/JO
WpOi+qfDbhYlIrRvhsziBOf9Bs+J4AbpJnmFDNxQUGTFzNWnPHv6Gr7OqANgqIlF
9OV+Pl8m1us=
=fqO7
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |