Bugzilla – Bug 62135
VUL-0: CVE-2004-0957: several mysql bugs
Last modified: 2021-10-12 13:33:04 UTC
Hi, there are several bugs in mysql which Debian seems to have fixed. Is this also an issue for us? http://www.nl.debian.org/security/2004/dsa-562
fixed packages submitted for SL 8.1, 8.2, 9.0 and 9.1
Can ids:

On 2004-10-14 Martin Schulze wrote:
> I have now received two more CVE Ids for the other two vulnerabilities that
> weren't fixed in our stable release.
>
> If you have a good channel to the upstream developers, please tell them
> about the CVE IDs and ask them to add a note to their bug tracking system
> that an id was assigned to a particular issue.

[some text removed]

> > > Crash with MATCH..AGAINST
> > > Bug: #3870 CAN-2004-0956
> > > Privilege Escalation in ALTER TABLE RENAME
> > > Bug: #3270 CAN-2004-0835
> > > Potential Memory Overrun With Compromised DNS Server
> > > Class: Denial of Service (crash but not exploitable with glibc they
> > > claim) Bug: #4017 CAN-2004-0836
> > > Privilege Escalation on GRANT ALL ON `Foo\_Bar`
> > > Bug: #3933 CAN-2004-0957
> > > Concurrent accesses to MERGE tables can result in crash
> > > Bug: #2408 CAN-2004-0837
-> incident manager ... for laufzettel creation
The fixes for CAN-2004-0957 and CAN-2004-0956 are missing AFAICS. The mail from Martin Schulze originally included:

> Crash with MATCH..AGAINST (denial of service)
>
> http://bugs.mysql.com/bug.php?id=3870
>
> Only affects mysql 4.0
>
> Privilege Escalation on GRANT ALL ON `Foo\_Bar`
>
> Changelog:
> Fixed bug in privilege checking where, under some conditions, one
> was able to grant privileges on the database, he has no privileges on.
>
> http://bugs.mysql.com/bug.php?id=3933
> http://mysql.bkbits.net:8080/mysql-4.0/patch@1.1844.5.1
>
> Does not only affect older versions than 4.0 as well.
I suggest refusing the submitted packages. I will submit new ones with the last two issues fixed.
Created attachment 25268: mysql-3.23.58-symlink.patch

While you are already at it ... I just saw that Red Hat has patched some tmp file bugs (CAN-2004-0381 and CAN-2004-0388).
The packages are prepared (including comment #7). I'll submit them as soon as the incomplete ones have been rejected (and removed from /work/src/done).
Copy them to mysql.newer or remove the old ones yourself. ... If you can't, you or I can write a mail to autobuild@suse.de
Done
Reopened by thomas@suse.de at Tue Oct 26 11:27:05 2004, took initial reporter krahmer@suse.de to cc
Reopened for tracking.
/work/src/done/PATCHINFO/mysql.patch.maintained
/work/src/done/PATCHINFO/mysql.patch.box
I fixed the 9.1 checkin and submitted packages. It did not build due to one superfluous hunk in symlink.patch.
I've fixed it as well right now ;-) Thanks anyway.
http://w2d.suse.de/abuildstat/patchinfo/pending/f5ecd541adc5f4196b358cebc212a5c5
http://w2d.suse.de/abuildstat/patchinfo/pending/3a84b4e78dcc8987da4d2325fb664642
Packages approved.
CVE-2004-0957: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)