Bug #44166 Possible Security Vulnerability in MySQL Server 5.1.30
Submitted: 8 Apr 2009 21:00 Modified: 13 Jul 2009 21:01
Reporter: Fergal Glynn
Status: Closed
Category: Server Severity: S2 (Serious)
Version: 5.1.30 OS: Linux
Assigned to: Target Version: 5.1.35
Triage: Triaged: D2 (Serious)

[8 Apr 2009 21:00] Fergal Glynn
Description:
Veracode was engaged to evaluate MySQL Server 5.1.30 for application security
vulnerabilities, and, as part of our responsible disclosure policy, we wish to notify you
to disclose the details of what was found during that evaluation.

Can you please provide the appropriate contact for this project to ensure that we
securely provide the technical details of what we found?

How to repeat:
The analysis is available in a secure location on Veracode's hosted platform.
[8 Apr 2009 21:19] Davi Arnaut
The security team can be contacted via security@mysql.com
[13 Apr 2009 22:12] Sveta Smirnova
Thank you for the report.

You can use the email from Davi's comment. Alternatively, you can write private
information in this bug report using a hidden comment and nobody outside MySQL will see it.
[13 Apr 2009 23:30] Sergei Golubchik
I'm handling it
[16 Apr 2009 14:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72286

2778 Sergei Golubchik	2009-04-16
      bug#44166
      removed few sprintf's
[4 May 2009 22:34] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/73338

2893 Sergei Golubchik	2009-05-04
      bug#44166
      removed few sprintf's
[28 May 2009 10:19] Bugs System
Pushed into 5.1.36 (revid:joro@sun.com-20090528073639-yohsb4q1jzg7ycws) (version source
revid:mats@sun.com-20090511132802-nnkiyb2huih1tklz) (merge vers: 5.1.35) (pib:6)
[17 Jun 2009 21:23] Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090616183122-chjzbaa30qopdra9) (version
source revid:mhansson@mysql.com-20090505082504-f9goof5x1eyrmlyi) (merge vers:
6.0.12-alpha) (pib:11)
[13 Jul 2009 21:01] Paul DuBois
Noted in 5.1.36, 5.4.4 changelogs.

Four potential format string vulnerabilities were fixed (discovered
by the Veracode code analysis).
[12 Aug 2009 23:49] Paul DuBois
Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.
[15 Aug 2009 0:46] Paul DuBois
Ignore previous comment about 5.4.2.
[26 Aug 2009 15:46] Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l)
(version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers:
5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 2009 15:46] Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc)
(version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers:
5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 2009 15:48] Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4)
(version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers:
5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 2009 18:33] Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr)
(version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers:
5.1.37-ndb-7.0.8) (pib:11)
[7 Oct 2009 3:26] Paul DuBois
The 5.4 fix has been pushed into 5.4.2.