Bug 1010457 - (CVE-2016-1249) VUL-1: CVE-2016-1249: perl-DBD-mysql: Out-of-bounds read when using server-side prepared statement support
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/176389/
CVSSv2:SUSE:CVE-2016-1249:6.1:(AV:N/A...
Reported: 2016-11-16 12:02 UTC by Johannes Segitz
Modified: 2020-06-29 06:26 UTC (History)
Found By: Security Response Team
Description Johannes Segitz 2016-11-16 12:02:26 UTC
Out-of-bounds read by DBD::mysql

A vulnerability was discovered that can lead to an out-of-bounds read
when using server side prepared statements with an unaligned number of
placeholders in WHERE condition and output fields in SELECT expression.

Versions known to be affected — 2.9004 and later (2005 and later)
Versions known to be not affected — 2.9003 and earlier (before 2005)
Version containing Fix — 4.039 and later (current)
Link to fix: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe 

Type of vulnerability and its impact — could lead to out-of-bounds read when using server-side prepared statement support in the driver

Mitigating factors — This problem is only exposed when the user uses server-side prepared statement support, which is NOT default behavior and was turned off back for all drivers per MySQL AB decision in 2006 due to issues with server-side prepared statements in the server. The behavior of the driver is normally emulated.

Work-arounds — Use the default driver setting which is using emulated prepared statements

Credit: Pali Rohár for discovering and fixing the vulnerability.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1395591
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1249
http://seclists.org/oss-sec/2016/q4/433
https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
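
An added audit sketch for the mitigation and version range in the description above; it is not part of the bug report or of DBD::mysql. It flags Perl source lines that switch on server-side prepared statements through the driver's `mysql_server_prepare` attribute and checks an upstream version against the advisory's range. The function names and the sample source are constructed for illustration.

```python
import re
from decimal import Decimal

# Matches the DSN form (mysql_server_prepare=1) and the attribute forms
# ({ mysql_server_prepare => 1 }, $dbh->{mysql_server_prepare} = 1).
SERVER_PREPARE = re.compile(
    r"""\bmysql_server_prepare['"]?\s*\}?\s*(?:=>|=)\s*['"]?(\d+)""")

FIRST_AFFECTED = Decimal("2.9004")  # "affected" bound from the advisory
FIRST_FIXED = Decimal("4.039")      # "fixed" bound from the advisory


def find_server_prepare(perl_source):
    """Return (line_number, line) for lines enabling server-side prepare."""
    hits = []
    for number, line in enumerate(perl_source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):  # ignore whole-line Perl comments
            continue
        match = SERVER_PREPARE.search(stripped)
        if match and int(match.group(1)) != 0:
            hits.append((number, stripped))
    return hits


def upstream_version_affected(version):
    """True if an upstream DBD::mysql version is in the affected range.
    Distribution packages can carry the fix under an older number (the SUSE
    updates on this page do), so check the package changelog as well."""
    value = Decimal(version.replace("_", ""))  # dev releases such as 4.033_01
    return FIRST_AFFECTED <= value < FIRST_FIXED


def exposed(perl_source, version):
    """Affected upstream version AND server-side prepare enabled somewhere."""
    return upstream_version_affected(version) and bool(
        find_server_prepare(perl_source))


# Constructed sample input, not taken from any real code base.
SAMPLE = r'''my $dbh = DBI->connect("DBI:mysql:database=app;host=db;mysql_server_prepare=1", $u, $p);
my $ro = DBI->connect("DBI:mysql:database=app;host=db", $u, $p);
# $ro->{mysql_server_prepare} = 1;
$ro->{mysql_server_prepare} = 0;
my $w = DBI->connect($dsn, $u, $p, { mysql_server_prepare => 1, RaiseError => 1 });
my $x = DBI->connect($dsn, $u, $p, { mysql_server_prepare_disable_fallback => 1 });
'''

if __name__ == "__main__":
    for number, line in find_server_prepare(SAMPLE):
        print(f"line {number}: {line}")
```
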
Comment 1 Swamp Workflow Management 2016-11-16 23:03:20 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2016-12-22 10:33:45 UTC
Tomas, please submit fixes for this issue as we have a running update.
Comment 4 Tomáš Chvátal 2017-01-03 12:14:10 UTC
Submissions done.
Comment 7 Swamp Workflow Management 2017-01-13 13:09:38 UTC
SUSE-SU-2017:0122-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1002626,1010457
CVE References: CVE-2016-1246,CVE-2016-1249
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    perl-DBD-mysql-4.008-9.1
SUSE Linux Enterprise Server 11-SP4 (src):    perl-DBD-mysql-4.008-9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    perl-DBD-mysql-4.008-9.1
Comment 8 Swamp Workflow Management 2017-01-13 13:10:20 UTC
SUSE-SU-2017:0123-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1002626,1010457,1012546
CVE References: CVE-2016-1246,CVE-2016-1249,CVE-2016-1251
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server 12-SP2 (src):    perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server 12-SP1 (src):    perl-DBD-mysql-4.021-11.1
Comment 9 Swamp Workflow Management 2017-01-23 11:10:10 UTC
openSUSE-SU-2017:0252-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1002626,1010457,1012546
CVE References: CVE-2016-1246,CVE-2016-1249,CVE-2016-1251
Sources used:
openSUSE Leap 42.2 (src):    perl-DBD-mysql-4.021-14.1
openSUSE Leap 42.1 (src):    perl-DBD-mysql-4.021-13.1
Comment 10 Swamp Workflow Management 2017-02-07 12:07:36 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63414
Comment 11 Marcus Meissner 2017-03-02 14:03:01 UTC
released