Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 237166 (CVE-2008-3963)

Summary: dev-db/mysql <5.0.66 b'' Server DoS (CVE-2008-3963)
Product: Gentoo Security Reporter: Alexey Vlasov <renton>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: luckyluke, mysql-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.mysql.com/bug.php?id=35658
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 233567, 246652    
Bug Blocks:    

Description Alexey Vlasov 2008-09-09 10:52:12 UTC
Please, update ebuild.

Reproducible: Always
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-09-09 12:12:44 UTC
Please open security relevant bugs in the Gentoo Security product of Bugzilla.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-09-09 15:08:44 UTC
CVE-2008-3963 has been assigned.
Comment 3 Luca Lesinigo 2008-11-14 14:49:13 UTC
Cannot reproduce on HPPA.

dev-db/mysql-5.0.60-r1
gcc-4.2.4, CFLAGS=CXXFLAGS="-O2 -pipe -march=hppa2.0"

tested with the SELECT b''; and SELECT x''; queries.
Comment 4 Luca Lesinigo 2008-11-14 15:04:12 UTC
but I can confirm it on x86_64.

dev-db/mysql-5.0.60-r1
gcc-3.4.6-r2, CFLAGS=CXXFLAGS="-march=nocona -O2 -pipe -fforce-addr"
hardened profile

SELECT b''; will crash the server.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-11-26 16:08:21 UTC
all stable
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-03-25 19:04:55 UTC
security: bump on GLSA for this.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-01-05 22:46:27 UTC
This issue was resolved and addressed in
 GLSA 201201-02 at http://security.gentoo.org/glsa/glsa-201201-02.xml
by GLSA coordinator Tim Sammut (underling).