MySQL issues security fix

Security patch is designed for the latest versions of MySQL's open-source database software.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

May 5, 2006 5:28 a.m. PT

MySQL has issued a security update to address flaws in its client-server protocol that could allow a malicious attacker to exploit buffer overflow vulnerabilities and gain access to sensitive information.

The open-source database company released its MySQL version 5.0.21 update earlier this week. The update is designed to address security flaws in database server software versions 5.1.9; 5.0.20; 4.1.18; 4.0.26 and prior versions.

Security researcher FrSIRT rates the flaws as "moderate" risk. MySQL version 5.0, which was released late last year, is in widespread use.

FrSIRT noted that one of the three flaws involves a buffer overflow flaw, which could be exploited by attackers to execute arbitrary commands from a user's system.

The two other flaws can be exploited when a validation error occurs when inputting information. The vulnerabilities could allow attackers to disclose portions of the system's memory in the error messages.