Mandrake Linux Security Advisory : MySQL (MDKSA-2002:087)
High Nessus Plugin ID 13985
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server; the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld. Another two vulnerabilities were found: one is an arbitrary size heap overflow in the mysql client library, and the other allows one to write '\0' to any memory address.
Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient.
Solution
Update the affected packages.