Bug #44166 Possible Security Vulnerability in MySQL Server 5.1.30
Submitted: 8 Apr 2009 19:00
Modified: 13 Jul 2009 19:01
Reporter: Fergal Glynn
Status: Closed
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.1.30
OS: Linux
Assigned to:
CPU Architecture: Any

[8 Apr 2009 19:00] Fergal Glynn
Description:
Veracode was engaged to evaluate MySQL Server 5.1.30 for application security vulnerabilities, and, as part of our responsible disclosure policy, we wish to notify you to disclose the details of what was found during that evaluation.

Can you please provide the appropriate contact for this project to ensure that we securely provide the technical details of what we found?

How to repeat:
The analysis is available in a secure location on Veracode's hosted platform.
[8 Apr 2009 19:19] Davi Arnaut
The security team can be contacted via security@mysql.com
[13 Apr 2009 20:12] Sveta Smirnova
Thank you for the report.

You can use the email from Davi's comment. Alternatively, you can write private information in this bug report using a hidden comment, and nobody outside MySQL will see it.
[13 Apr 2009 21:30] Sergei Golubchik
I'm handling it
[16 Apr 2009 12:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72286

2778 Sergei Golubchik	2009-04-16
      bug#44166
      removed few sprintf's
[4 May 2009 20:34] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/73338

2893 Sergei Golubchik	2009-05-04
      bug#44166
      removed few sprintf's
[28 May 2009 8:19] Bugs System
Pushed into 5.1.36 (revid:joro@sun.com-20090528073639-yohsb4q1jzg7ycws) (version source revid:mats@sun.com-20090511132802-nnkiyb2huih1tklz) (merge vers: 5.1.35) (pib:6)
[17 Jun 2009 19:23] Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090616183122-chjzbaa30qopdra9) (version source revid:mhansson@mysql.com-20090505082504-f9goof5x1eyrmlyi) (merge vers: 6.0.12-alpha) (pib:11)
[13 Jul 2009 19:01] Paul Dubois
Noted in 5.1.36, 5.4.4 changelogs.

Four potential format string vulnerabilities were fixed (discovered
by the Veracode code analysis).
[12 Aug 2009 21:49] Paul Dubois
Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.
[14 Aug 2009 22:46] Paul Dubois
Ignore previous comment about 5.4.2.
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers: 5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 2009 13:48] Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers: 5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 2009 16:33] Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[7 Oct 2009 1:26] Paul Dubois
The 5.4 fix has been pushed into 5.4.2.