reopen 330164
reassign 330164 mysql-server
found 330164 4.0.24-10
found 330164 3.23.49-8.13
thanks

Hello Martin

On 2005-09-28 Martin Pitt wrote:
> Debian Bug Tracking System [2005-09-26 11:33 -0700]:
> > > - as you stated in your next mail, it doesn't seem that sarge/4.0 is
> > >   affected. - sarge doesn't carry a 5.0 version
> > > - thus all sid versions should be okay too.
> > 
> > After checking the advisory I would say that Sean is right, no Debian versions
> > are vulnerable any more as this advisory is really very old.
> 
> Maybe this was too quick - in the Ubuntu bug [1] the reporter
> successfully ran the exploit against 4.0.24.

Lucky us that you found this bug, I now believe he is correct.
check_scramble_323() probably means password checking for everything compatible
with version 3.23, so it is the normal "check_scramble()" function in <4.1.

In fact the 4.0 from Sarge and the 3.23 from Woody both contain the offending
snippet in sql/password.c line 178:
    for (pos=scrambled ; *pos ; pos++)
      *to++=(char) (floor(my_rnd(&rand_st)*31)+64);

So we have:

Woody:      3.23 VULN  -          -                -
Sarge:      -          4.0 VULN   4.1.11a-4 ok     -
(testing)   -          -          4.1.11a-4 ok     5.0.12beta-2 ok
Sid:        -          -          4.1.14-5 ok      5.0.13rc-1 ok

Security Team, do you do the rest or should I help you?
(Please keep in mind that there is another open security issue for MySQL,
see bug #322133: "mysql-dfsg: Buffer overflow in user defined functions")

bye,

-christian-

