Bug #44166 Possible Security Vulnerability in MySQL Server 5.1.30
Submitted: 8 Apr 21:00 Modified: 13 Jul 21:01
Reporter: Fergal Glynn
Status: Closed
Category: Server Severity: S2 (Serious)
Version: 5.1.30 OS: Linux
Assigned to: Target Version: 5.1.35
Triage: Triaged: D2 (Serious)

[8 Apr 21:00] Fergal Glynn
Description:
Veracode was engaged to evaluate MySQL Server 5.1.30 for application security
vulnerabilities, and, as part of our responsible disclosure policy, we wish to notify you
to disclose the details of what was found during that evaluation.

Can you please provide the appropriate contact for this project to ensure that we
securely provide the technical details of what we found?

How to repeat:
The analysis is available in a secure location on Veracode's hosted platform.
[8 Apr 21:19] Davi Arnaut
The security team can be contacted via security@mysql.com
[13 Apr 22:12] Sveta Smirnova
Thank you for the report.

You can use the email from Davi's comment. Alternatively, you can write private
information in this bug report using a hidden comment and nobody outside MySQL will see it.
[13 Apr 23:30] Sergei Golubchik
I'm handling it
[16 Apr 14:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72286

2778 Sergei Golubchik	2009-04-16
      bug#44166
      removed few sprintf's
[4 May 22:34] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/73338

2893 Sergei Golubchik	2009-05-04
      bug#44166
      removed few sprintf's
[28 May 10:19] Bugs System
Pushed into 5.1.36 (revid:joro@sun.com-20090528073639-yohsb4q1jzg7ycws) (version source
revid:mats@sun.com-20090511132802-nnkiyb2huih1tklz) (merge vers: 5.1.35) (pib:6)
[17 Jun 21:23] Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090616183122-chjzbaa30qopdra9) (version
source revid:mhansson@mysql.com-20090505082504-f9goof5x1eyrmlyi) (merge vers:
6.0.12-alpha) (pib:11)
[13 Jul 21:01] Paul DuBois
Noted in 5.1.36, 5.4.4 changelogs.

Four potential format string vulnerabilities were fixed (discovered
by the Veracode code analysis).
[12 Aug 23:49] Paul DuBois
Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.
[15 Aug 0:46] Paul DuBois
Ignore previous comment about 5.4.2.
[26 Aug 15:46] Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l)
(version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers:
5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 15:46] Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc)
(version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers:
5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 15:48] Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4)
(version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers:
5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 18:33] Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr)
(version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers:
5.1.37-ndb-7.0.8) (pib:11)
[7 Oct 3:26] Paul DuBois
The 5.4 fix has been pushed into 5.4.2.