Bug #11844 CAN-2005-2096 zlib arbitrary code execution vulnerability
Submitted: 10 Jul 2005 16:24 Modified: 13 Jul 2005 20:23
Reporter: James Day
Status: Closed
Category: Server Severity: S1 (Critical)
Version: All using zlib OS: Any (all)
Assigned to: Jim Winstead Target Version:

[10 Jul 2005 16:24] James Day
Description:
CAN-2005-2096 ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 ) reports a
new zlib crafted data vulnerability which results in a buffer overflow and arbitrary code
execution. No exploits yet reported.

Other references:

 http://secunia.com/advisories/15949/

Possible fix (not official zlib fix):

 http://it.slashdot.org/comments.pl?sid=155369&cid=13025936

All MySQL products using zlib are affected, not only the database server.

How to repeat:
n/a
[11 Jul 2005 19:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/26901
[11 Jul 2005 19:37] Jim Winstead
This only impacts MySQL 4.1 and later, as 4.0 (and earlier) includes an earlier version of
zlib that is reportedly not vulnerable.
[13 Jul 2005 18:30] Jim Winstead
Fixed in 4.1.13 and 5.0.10.
[13 Jul 2005 20:23] Paul DuBois
Noted in 4.1.13, 5.0.10 changelogs.
[29 Jul 2005 13:49] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/27714