May 4, 2006 8:30 AM PDT

MySQL issues security fix

MySQL has issued a security update to address flaws in its client-server protocol that could allow a malicious attacker to exploit buffer overflow vulnerabilities and gain access to sensitive information.

The open-source database company released its MySQL version 5.0.21 update earlier this week. The update is designed to address security flaws in database server software versions 5.1.9; 5.0.20; 4.1.18; 4.0.26 and prior versions.

Security researcher FrSIRT rates the flaws as "moderate" risk. MySQL version 5.0, which was released late last year, is in widespread use.

FrSIRT noted that one of the three flaws involves a buffer overflow flaw, which could be exploited by attackers to execute arbitrary commands from a user's system.

The two other flaws can be exploited when a validation error occurs when inputting information. The vulnerabilities could allow attackers to disclose portions of the system's memory in the error messages.

See more CNET content tagged:
MySQL, flaw, attacker, buffer-overflow, open source

2 comments

Join the conversation!
Add your comment
not MS???
You mean some else has buffer overflow problems? Its not just an MS thing? Say it aint so, Joe
Posted by gggg sssss (2285 comments )
Reply Link Flag
not MS???
You mean some else has buffer overflow problems? Its not just an MS thing? Say it aint so, Joe
Posted by gggg sssss (2285 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.