Vulnerability: Multiple vulnerabilities in MySQL
Number of vulnerabilities: 4
Vector of operation: LAN
Impact: Brute-force attack, Denial of service, System compromise
Affected products: MySQL 5.x
Affected versions: MySQL 5.x, perhaps the only one.
The vulnerability allows a remote user to execute arbitrary code on the target system.
1. An error in the processing of the database name in the function definition when checking access rights. This can be exploited to cause a buffer overflow in the stack, and compromise a vulnerable system.
2. The vulnerability is caused due to the failure to remove the table. This can be exploited to cause a heap overflow and potentially execute arbitrary code.
3. An error when handling the COM_BINLOG_DUMP. This can be exploited to crash the daemon.
4. An error in the processing of authentication errors. A remote user can access the list of legitimate user accounts.
Manufacturer URL: http://www.mysql.com/
Solution: The way to eliminate the vulnerability does not exist at present.