Bug #11844 CAN-2005-2096 zlib arbitrary code execution vulnerability
Submitted: 10 Jul 2005 14:24 Modified: 13 Jul 2005 18:23
Reporter: James Day Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:All using zlib OS:Any (all)
Assigned to: Jim Winstead CPU Architecture:Any

[10 Jul 2005 14:24] James Day
Description:
CAN-2005-2096 ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 ) reports a new zlib crafted data vulnerability which results in a buffer overflow and arbitrary code execution. No exploits yet reported.

Other references:

 http://secunia.com/advisories/15949/

Possible fix (not official zlib fix):

 http://it.slashdot.org/comments.pl?sid=155369&cid=13025936

All MySQL products using zlib are affected, not only the database server.

How to repeat:
n/a
[11 Jul 2005 17:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/26901
[11 Jul 2005 17:37] Jim Winstead
This only impacts MySQL 4.1 and later, as 4.0 (and earlier) includes an earlier version of zlib that is reportedly not vulnerable.
[13 Jul 2005 16:30] Jim Winstead
Fixed in 4.1.13 and 5.0.10.
[13 Jul 2005 18:23] Paul DuBois
Noted in 4.1.13, 5.0.10 changelogs.
[29 Jul 2005 11:49] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/27714