Check Point Advisories

Update Protection against Multiple MySQL Query Commands Vulnerabilities

Check Point Reference: CPAI-2006-130
Date Published: 13 Nov 2006
Severity: High
Last Updated: Thursday 03 May, 2007
Source: FrSIRT/ADV-2006-3079, FrSIRT/ADV-2006-3077
Industry Reference:

CVE-2006-4031
CVE-2006-3862
CVE-2006-3860
CVE-2006-3859
CVE-2006-3857

Protection Provided by:
Who is Vulnerable? MySQL versions 3.x, 4.x and 5.x; IBM Informix Dynamic Server versions 7.3, 9.4 and 10.0
Vulnerability Description

MySQL is an open-source relational database management system that is rapidly growing in popularity. MySQL is free for most applications and is heavily used by the open source community, running on both Windows and UNIX operating systems. SQL query commands form a logical unit and perform a particular task. There are several known and widely exploited vulnerabilities reachable through the use of SQL query commands. These can be used by remote attackers to overwrite arbitrary files and execute arbitrary code on a target system.
IBM Informix Dynamic Server (IDS) is a strategic data server in the IBM Information Management Software portfolio that provides online transaction processing performance and administration to businesses of all sizes. Multiple vulnerabilities have been reported in IBM Informix Dynamic Server that allow remote attackers to overwrite files and execute arbitrary code via various SQL commands.
Update/Patch Available

Upgrade to IBM Informix Dynamic Server version 7.31.xD9, 9.40.xC8, or 10.00.xC4:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24009130

Upgrade to MySQL version 4.1.21 or 5.0.24:
http://dev.mysql.com/downloads/
Vulnerability Details

SQL query commands are used to encapsulate a set of operations or queries (which may include specific write commands) to execute on a database server. They are configured and controlled by the database administrator, and provide increased functionality for database applications, allowing them to access operating system or network resources.
Multiple buffer overflow vulnerabilities in IBM Informix Dynamic Server (IDS) and MySQL Server allow remote users to overwrite arbitrary files and execute arbitrary code via the following commands:
LOTOFILE
FILETOCLOB
getname
ifx_file_to_file
DBINFO
SET DEBUG FILE
SQLIDEBUG
merge
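As an added example (not Check Point's protection logic and not vendor code), a small Python scanner that walks database query-log lines and flags the commands listed above, escalating to high severity when a string literal passed to one of them is unusually long. The tab-separated log format, the 256-byte threshold and the sample lines are assumptions made for the example.

```python
import re

# Commands named in the advisory; matched case-insensitively.
RISKY_FUNCTIONS = ("LOTOFILE", "FILETOCLOB", "GETNAME", "IFX_FILE_TO_FILE",
                   "DBINFO", "SQLIDEBUG")
RISKY_STATEMENTS = ("SET DEBUG FILE", "MERGE")
# Assumed threshold (not from the advisory): file paths and names passed to
# these commands are normally short; an overlong literal is the overflow trigger.
MAX_LITERAL_LEN = 256

_FUNC_RE = re.compile(r"\b(%s)\s*\(" % "|".join(RISKY_FUNCTIONS), re.IGNORECASE)
_STMT_RE = re.compile(r"\b(%s)\b" % "|".join(s.replace(" ", r"\s+")
                                               for s in RISKY_STATEMENTS), re.IGNORECASE)
_LITERAL_RE = re.compile(r"'((?:[^']|'')*)'")  # single-quoted SQL string literal

def analyze_statement(sql):
    """Return (command, reason, severity) findings for one SQL statement."""
    names = [" ".join(m.group(1).split()).upper()
             for regex in (_FUNC_RE, _STMT_RE) for m in regex.finditer(sql)]
    if not names:
        return []
    longest = max((len(m.group(1)) for m in _LITERAL_RE.finditer(sql)), default=0)
    findings = []
    for name in dict.fromkeys(names):  # de-duplicate, keep first-seen order
        if longest > MAX_LITERAL_LEN:
            findings.append((name, "literal of %d bytes exceeds %d"
                             % (longest, MAX_LITERAL_LEN), "high"))
        else:
            findings.append((name, "advisory-listed command used", "info"))
    return findings

def scan_log(lines):
    """Scan query-log lines of the assumed form 'timestamp<TAB>client<TAB>sql'."""
    alerts = []
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # malformed line: skip it rather than crash the scanner
        ts, client, sql = parts
        for name, reason, severity in analyze_statement(sql):
            alerts.append({"time": ts, "client": client, "command": name,
                           "reason": reason, "severity": severity})
    return alerts

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2006-11-13 10:01:02\t10.0.0.5\tSELECT name FROM users WHERE id = 7",
    "2006-11-13 10:01:05\t10.0.0.5\tSELECT FILETOCLOB('/tmp/report.txt', 'client') FROM systables",
    "2006-11-13 10:01:09\t10.0.0.9\tSET DEBUG FILE TO '" + "A" * 600 + "'",
    "2006-11-13 10:01:12\t10.0.0.9\tEXECUTE FUNCTION lotofile(doc, '" + "B" * 1024 + "', 'client')",
]
```

Run `scan_log(SAMPLE_LOG)` to see one informational and two high-severity alerts; tune `MAX_LITERAL_LEN` to the longest legitimate path in your environment before deploying.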

Protection Overview
