Critical MySQL Flaw Found
26-07-2005, 10:22 AM
If you have a site hosted and use that for your site, find out from your hosting company if they updated or not.
Just thought I would share that news article.
Fire0ne, welcome to MyADSL, and thanks for the heads up :).
The vulnerability lies in the fact that MySQL uses a vulnerable zlib library. Zlib is a data compression library used to support the compressed protocol and the COMPRESS/UNCOMPRESS functions under Windows.
The error occurs in "inftrees.c" when handling corrupted compressed data streams.
According to Secunia's alert, the flaw can be exploited to crash any application that uses the zlib library. Alternatively, malicious users can execute arbitrary code with privileges of the vulnerable application.
While the flaw was reported in Version 1.2.2, earlier versions may also be at risk.
The flaw was originally reported by MySQL, along with the fix. It was discovered by Tavis Ormandy of the Gentoo Linux Security Audit Team.
The solution is to update to MySQL Version 4.1.13. According to a spokesperson for MySQL, the flaw has not been exploited, to the knowledge of MySQL.
26-07-2005, 11:06 AM
Another new member with value to add. Cool
26-07-2005, 11:32 AM
Thanks for the welcome. :) I have been reading the myadsl forum for a while now. Decided to join to post that article.
26-07-2005, 12:12 PM
Glad you joined!!
Don't use MySQL but the info seems very handy as we are about to move a large database from DB2 to SQL.
26-07-2005, 12:26 PM
yeah seems most people only register once they want to say something. :p
26-07-2005, 01:58 PM
That's why we use PostgreSQL!
using MySQL extensively @ work. Was looking for a good reason to move to MySQL5, the boss wouldn't budge. Thx for the ammo FireOne *g*
26-07-2005, 02:08 PM
Thx FireOne. I would assume that if one is not using the zlib library, that one would not be in harm's way?
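The article quoted above ties the flaw to the zlib build a program is linked against and to its handling of corrupted compressed streams. The following is an added example, not part of the thread or the article: it reports the zlib version a runtime is linked against and inflates untrusted input defensively. Assumptions: Python's standard `zlib` module stands in for any zlib-linked program, the 1.2.2 cut-off is taken from the article's wording, and all helper names and sample inputs are constructed for illustration.

```python
import re
import zlib

REPORTED = (1, 2, 2)  # zlib version named in the quoted article

def parse_version(text):
    """Leading dotted digits of a zlib version string, padded to three parts."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError("unrecognised zlib version: %r" % (text,))
    parts = [int(p) for p in m.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_review(version_text):
    """True for the reported version and anything older (assumed cut-off)."""
    return parse_version(version_text) <= REPORTED

def runtime_report():
    """Version of the zlib this interpreter is linked against, and its flag."""
    v = zlib.ZLIB_RUNTIME_VERSION
    return v, needs_review(v)

def safe_inflate(data, limit=1 << 20):
    """Inflate untrusted input with an output cap; return (status, payload)."""
    d = zlib.decompressobj()
    try:
        out = d.decompress(data, limit + 1)
    except zlib.error:
        return "corrupt", b""       # bad header, bad codes or bad checksum
    if len(out) > limit:
        return "too_large", b""
    if not d.eof:
        return "truncated", b""     # input ran out before the stream ended
    return "ok", out

# Constructed sample inputs, not captured traffic.
GOOD = zlib.compress(b"constructed sample row " * 40)
BAD_TRAILER = GOOD[:-1] + bytes([GOOD[-1] ^ 0xFF])   # checksum no longer matches
CUT_SHORT = GOOD[: len(GOOD) // 2]

if __name__ == "__main__":
    print("linked zlib:", runtime_report())
    for name, blob in (("good", GOOD), ("bad trailer", BAD_TRAILER),
                       ("cut short", CUT_SHORT)):
        print(name, "->", safe_inflate(blob)[0])
```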