Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 237166 (CVE-2008-3963) - dev-db/mysql <5.0.66 b'' Server DoS (CVE-2008-3963)
Summary: dev-db/mysql <5.0.66 b'' Server DoS (CVE-2008-3963)
Alias: CVE-2008-3963
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on: 233567 246652
  Show dependency tree
Reported: 2008-09-09 10:52 UTC by Alexey Vlasov
Modified: 2012-01-05 22:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Vlasov 2008-09-09 10:52:12 UTC
Please, update ebuild.

Reproducible: Always
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-09-09 12:12:44 UTC
Please open security relevant bugs in the Gentoo Security product of Bugzilla.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-09-09 15:08:44 UTC
CVE-2008-3963 has been assigned.
Comment 3 Luca Lesinigo 2008-11-14 14:49:13 UTC
Cannot reproduce on HPPA.

gcc-4.2.4, CFLAGS=CXXFLAGS="-O2 -pipe -march=hppa2.0"

tested with the SELECT b''; and SELECT x''; queries.
Comment 4 Luca Lesinigo 2008-11-14 15:04:12 UTC
but I can confirm it on x86_64.

gcc-3.4.6-r2, CFLAGS=CXXFLAGS="-march=nocona -O2 -pipe -fforce-addr"
hardened profile

SELECT b''; will crash the server.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-11-26 16:08:21 UTC
all stable
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-03-25 19:04:55 UTC
security: bump on GLSA for this.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-01-05 22:46:27 UTC
This issue was resolved and addressed in
 GLSA 201201-02 at
by GLSA coordinator Tim Sammut (underling).