Bug 419991 (CVE-2007-5968)
Summary: | CVE-2007-5968 mysql: privilege gain via binlog | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | tgl |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5968 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-12-12 14:36:31 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Hoger
2007-12-11 16:25:25 UTC
I fail to see anything to suggest any security implications in the bug referenced by CVE description. Don't know what is the CVE description based on... Referenced bug report is also mentioned in release notes in the context of other fix: Replication: It was possible for the name of the relay log file to exceeed the amount of memory reserved for it, possibly leading to a crash of the server. (Bug#31836) http://bugs.mysql.com/bug.php?id=31836 This is possible buffer overflow triggered if server is using pidfile with name longer than 502 characters. This is controlled by system administrator, so no trust boundary is crossed here and therefore MySQL Bug#31836 won't be treated as security issue. Tom, do you see anything I've missed? I concur, this looks like a garden-variety bug with no foreseeable security implications. CVE was rejected. Right, thanks Robert for the notice! New CVE-2007-5968 description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: the candidate's description and references were inconsistent and described unrelated issues. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. |