CERTA-2004-AVI-223
Vulnerability from certfr_avis
Two vulnerabilities in MySQL allow a malicious user to bypass the authentication mechanism.
Description
MySQL is an open source database server.
A first vulnerability allows a malicious user to
bypass the password authentication mechanism.
A second vulnerability allows a malicious user to
trigger a buffer overflow in the authentication
mechanism.
Solution
- MySQL version 4.1.3 fixes these vulnerabilities;
- MySQL version 5.0 will fix these vulnerabilities.
MySQL can be downloaded from the following address:
http://www.mysql.com/downloads/
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL 5.0.",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Toutes les versions de MySQL de la branche 4.1 ant\u00e9rieures \u00e0 la version 4.1.3 ;",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nMySQL est un serveur de base de donn\u00e9es open source. \nUne premi\u00e8re vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur mal intentionn\u00e9 de\ncontourner le m\u00e9canisme d\u0027authentification par mot de passe. \nUne seconde vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur mal intentionn\u00e9 de\nd\u00e9clencher un d\u00e9bordement de m\u00e9moire dans le m\u00e9canisme\nd\u0027authentification.\n\n## Solution\n\n- La version de MySQL 4.1.3 corrige ces vuln\u00e9rabilit\u00e9s ;\n- la version de MySQL 5.0 corrigera ces vuln\u00e9rabilit\u00e9s.\n\nMySQL est t\u00e9l\u00e9chargeable \u00e0 l\u0027adresse suivante :\n\n http://www.mysql.com/downloads/\n",
"cves": [],
"initial_release_date": "2004-07-06T00:00:00",
"last_revision_date": "2004-07-06T00:00:00",
"links": [
{
"title": "Site Internet de MySQL :",
"url": "http://www.mysql.com"
}
],
"reference": "CERTA-2004-AVI-223",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire possible"
},
{
"description": "Contournement du m\u00e9canisme d\u0027authentification"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s de MySQL permettent \u00e0 un utilisateur mal intentionn\u00e9\nde contourner le m\u00e9canisme d\u0027authentification.\n",
"title": "Vuln\u00e9rabilit\u00e9 de MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NGS Research du 01 juillet 2004",
"url": "http://www.nextgenss.com/advisories/mysql-authbypass.txt"
}
]
}