
Bug 142429

Summary: dev-db/mysql < 4.1.21 - privilege bypass/DoS via format string vulnerability
Product: Gentoo Security Reporter: Hack Kampbjorn <hak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor CC: mysql-bugs, tcort
Priority: High
Version: unspecified
Hardware: All
OS: Other
URL: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
Whiteboard: B3 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Hack Kampbjorn 2006-08-01 07:34:19 UTC
D.1.2. Changes in release 4.1.21 (19 July 2006)
...

Security fix: If a user has access to MyISAM table t, that user can create a MERGE table m that accesses t. However, if the user's privileges on t are subsequently revoked, the user can continue to access t by doing so through m. If this behavior is undesirable, you can start the server with the new --skip-merge option to disable the MERGE storage engine. (Bug#15195)

Security fix: Invalid arguments to DATE_FORMAT() caused a server crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer for discovering and reporting this problem to the Debian project and to Christian Hammers from the Debian Team for notifying us of it.
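The following SQL script is an added illustration (not from the bug report or from MySQL) of the first security fix above: it sets up the MERGE-table situation the release note describes on a pre-4.1.21 server, then shows the audit an administrator can run before revoking access to a base table. The database app, the account alice@localhost and the tables t and m are assumed names.

```sql
-- Added example; database, account and table names are assumed.
-- Run as an administrative account unless a step says otherwise.

-- 1. A MyISAM base table and a user who may read it and create tables.
CREATE DATABASE app;
CREATE TABLE app.t (id INT NOT NULL, val VARCHAR(32)) ENGINE=MyISAM;
INSERT INTO app.t VALUES (1, 'row visible to alice');
GRANT SELECT ON app.t TO 'alice'@'localhost' IDENTIFIED BY 'example-only';
GRANT CREATE ON app.* TO 'alice'@'localhost';

-- 2. (As alice) A MERGE table whose only member is t. This is legitimate
--    while alice still holds SELECT on t; the column list must match t.
CREATE TABLE app.m (id INT NOT NULL, val VARCHAR(32))
    ENGINE=MERGE UNION=(app.t) INSERT_METHOD=NO;
-- alice needs SELECT on m itself to read through it:
GRANT SELECT ON app.m TO 'alice'@'localhost';

-- 3. Before revoking alice's access to t, audit for MERGE tables that still
--    reach t. SHOW TABLE STATUS reports Engine = 'MRG_MyISAM' for them and
--    SHOW CREATE TABLE lists the base tables in its UNION=(...) clause.
SHOW TABLE STATUS FROM app;        -- look for Engine = MRG_MyISAM
SHOW CREATE TABLE app.m;           -- the UNION=(`t`) clause names t

-- 4. Revoke on the base table AND on every MERGE table found in step 3;
--    revoking on t alone leaves the path through m open on servers
--    before 4.1.21 that run with the MERGE engine enabled.
REVOKE SELECT ON app.t FROM 'alice'@'localhost';
REVOKE SELECT ON app.m FROM 'alice'@'localhost';
-- Alternatively drop the MERGE table, or on 4.1.21 and later start the
-- server with --skip-merge so MERGE tables cannot be used at all.
```

After step 4, a SELECT on app.m as alice is denied rather than returning the rows of t; on a server started with --skip-merge, step 2 fails outright.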
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-01 07:56:17 UTC
Mysql please advise.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-08-01 13:30:43 UTC
Item #1 is a minor case. In all my years of mysql administration, I've never just reduced the privileges a user has. So I'd consider this an unlikely case, and MERGE tables are also very seldom used anyway.

For the second one, I'll see about a version bump for you.
Comment 3 Luca Longinotti (RETIRED) gentoo-dev 2006-08-01 15:07:18 UTC
Version bump is coming, I already knew about this through their announcement, just didn't have time (national holiday here et all).
Best regards, CHTEKK.
Comment 4 Luca Longinotti (RETIRED) gentoo-dev 2006-08-01 18:25:30 UTC
Done, dev-db/mysql-4.1.21 is in the tree and passes all tests (at least here on my x86 test system).
Best regards, CHTEKK.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-02 00:57:03 UTC
Thx Luca.

Arches please test and mark stable.
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2006-08-02 07:45:54 UTC
1) emerges fine
2) passes test suite
3) passes collision test
4) emerge --config works


Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17-gentoo-r4 i686)
=================================================================
System uname: 2.6.17-gentoo-r4 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa arts artworkextra asf audiofile avi bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds emacs emboss encode esd evo exif expat fam fat fbcon fdftk ffmpeg firefox foomaticdb fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap imlib ipv6 isdnlog java javascript jikes jpeg jpeg2k ldap leim libg++ libwww lm_sensors mad maildir matroska mbox mikmod mime mmx mmxext mng mono motif mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf pdflib perl plotutils pmu png ppds pppd preview-latex print python qt qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb vcd videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib elibc_glibc input_devices_mouse input_devices_keyboard kernel_linux linguas_de userland_GNU video_cards_radeon video_cards_vesa video_cards_fbdev"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 7 Thomas Cort (RETIRED) gentoo-dev 2006-08-02 10:32:43 UTC
alpha stable.
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2006-08-02 16:43:31 UTC
sparc stable.
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2006-08-03 00:51:29 UTC
stable on ppc64
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2006-08-03 11:05:11 UTC
ppc stable
Comment 11 René Nussbaumer (RETIRED) gentoo-dev 2006-08-04 05:45:03 UTC
Stable on hppa.
Comment 12 Michael Weyershäuser 2006-08-04 09:04:16 UTC
works fine for me on amd64, passes tests on emerge...

emerge --info
Portage 2.1-r1 (default-linux/amd64/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17-suspend2-r3-Dudebox-Edition x86_64)
=================================================================
System uname: 2.6.17-suspend2-r3-Dudebox-Edition x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.6.15
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe -msse3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LINGUAS="de"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://server/gentoo-portage"
USE="amd64 X alsa arts avi berkdb bitmap-fonts cli crypt cups dlloader dri eds emboss encode foomaticdb fortran gif gnome gpm gstreamer gtk gtk2 imlib ipv6 isdnlog jpeg kde kdeenablefinal lzw lzw-tiff mp3 mpeg ncurses nls nptl opengl pam pcre pdflib perl png pppd python qt qt3 qt4 quicktime readline reflection sdl session spell spl ssl tcpd tiff truetype-fonts type1-fonts unicode usb userlocales xorg xpm xv zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux linguas_de userland_GNU video_cards_dummy"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 13 Thomas Cort (RETIRED) gentoo-dev 2006-08-04 09:25:57 UTC
amd64 stable.
Comment 14 Andrej Kacian (RETIRED) gentoo-dev 2006-08-04 11:27:49 UTC
x86 stable. Better late than never *g*.
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-05 00:13:40 UTC
This one is ready for GLSA decision.
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-05 00:14:50 UTC
MySQL 5 is affected by the same issue handled on bug #142815.
Comment 17 Thierry Carrez (RETIRED) gentoo-dev 2006-08-05 09:48:01 UTC
I tend to vote yes for the DoS DATE_FORMAT thing...
Comment 18 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-05 09:56:22 UTC
(In reply to comment #17)
> I tend to vote yes for the DoS DATE_FORMAT thing...
> 

same
Comment 19 Wolf Giesen (RETIRED) gentoo-dev 2006-08-06 03:32:05 UTC
yes, as above
Comment 20 Thierry Carrez (RETIRED) gentoo-dev 2006-08-06 10:21:53 UTC
Let's have one.
Comment 21 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-06 12:31:39 UTC
GLSA 200608-09

arm, ia64, mips, s390 don't forget to mark stable to benefit from the GLSA.
Comment 22 Joshua Kinard gentoo-dev 2006-09-03 14:56:56 UTC
Stable on mips.
Comment 23 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:41:40 UTC
Does not affect current (2008.0) release. Removing release.