Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 500260 (CVE-2014-0001) - <dev-db/mysql-5.5.39: Buffer Overflow Vulnerability (CVE-2014-0001)
Summary: <dev-db/mysql-5.5.39: Buffer Overflow Vulnerability (CVE-2014-0001)
Status: RESOLVED FIXED
Alias: CVE-2014-0001
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/52161/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-04 10:40 UTC by Agostino Sarubbo
Modified: 2014-09-04 08:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-02-04 10:40:55 UTC
From ${URL} :

Description

A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a 
user's system.

The vulnerability is caused due to a boundary error within MySQL client in the "main()" function when 
processing received server information (client/mysql.cc) and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into 
connecting to a malicious server.


Solution:
No official solution is currently available.

Provided and/or discovered by:
Garth Mollett in a bug report.

Original Advisory:
Garth Mollett:
https://bugzilla.redhat.com/show_bug.cgi?id=1054592


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2014-06-17 23:17:00 UTC
This issue is fixed in 5.5.37: from http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html : "While printing the server version, the mysql client did not check for buffer overflow in a string variable. (Bug #18186103)"

The issue was introduced in 5.1.34 c.f. https://bugzilla.redhat.com/show_bug.cgi?id=1054592#c24

I don't see any current fix for the 5.1 branch, but it might be possible to backport the patch from https://bugzilla.redhat.com/attachment.cgi?id=854008&action=diff 

@maintainers: Please advise what do you think is the appropriate way further; stabilization of 5.5.37-r1 or backport of patch to the 5.1 series?
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 20:59:05 UTC
CVE-2014-0001 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0001):
  Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35
  allows remote database servers to cause a denial of service (crash) and
  possibly execute arbitrary code via a long server version string.
Comment 3 Sergey Popov gentoo-dev 2014-09-04 07:11:20 UTC
Added to existing GLSA request
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-09-04 08:48:38 UTC
This issue was resolved and addressed in
 GLSA 201409-04 at http://security.gentoo.org/glsa/glsa-201409-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).