Madrid, May 5, 2006 - Several vulnerabilities have been reported in the
MySQL database manager, which could be exploited by attackers to
compromise a vulnerable system or obtain sensitive information.

The first flaw is caused by a buffer overflow in script "sql_base.cc",
which cannot handle specially crafted "COM_TABLE_DUMP" packets properly.
This could be exploited by authenticated attackers to run arbitrary
commands.

The second vulnerability stems from an input validation error in file
"sql_parse.cc", which fails to validate "COM_TABLE_DUMP" packets. This
could be exploited by an attacker to have portions of memory disclosed
in error messages.

Finally, the third vulnerability, which could also lead to portions of
the memory to be disclosed in error messages, is due to an input
validation error in script "sql_parse.cc" which cannot handle malformed
login packets properly.

Affected users are advised to upgrade their products to MySQL version
5.0.21, available at http://dev.mysql.com/downloads/. The original
security advisory can be found at
http://www.frsirt.com/english/advisories/2006/1633.