Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1443386 - (CVE-2017-3599) CVE-2017-3599 mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)
CVE-2017-3599 mysql: integer underflow in get_56_lenc_string() leading to DoS...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20170419,repo...
: Security
Depends On: 1443407 1445524 1445525 1445527 1445528
Blocks: 1443389
  Show dependency treegraph
 
Reported: 2017-04-19 03:33 EDT by Adam Mariš
Modified: 2018-04-06 08:45 EDT (History)
27 users (show)

See Also:
Fixed In Version: mysql 5.6.36, mysql 5.7.18
Doc Type: If docs needed, set a value
Doc Text:
An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-10-12 05:05:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2787 normal SHIPPED_LIVE Important: rh-mysql56-mysql security and bug fix update 2017-09-21 07:42:12 EDT
Red Hat Product Errata RHSA-2017:2886 normal SHIPPED_LIVE Important: rh-mysql57-mysql security and bug fix update 2017-10-12 07:53:15 EDT

  None (edit)
Description Adam Mariš 2017-04-19 03:33:15 EDT 
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
Comment 1 Adam Mariš 2017-04-19 04:16:28 EDT 
Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1443407]
Comment 2 Tomas Hoger 2017-04-23 08:11:03 EDT 
It seems this CVE may be related to this commit:

https://github.com/mysql/mysql-server/commit/f4165eae6384141905dd39d22c7611ea85de08f4

It addresses an integer underflow issue, that may lead to buffer overflow (probably limited to over-read).  As it's in the code that parses authentication message sent during the connection handshake, it would be a pre-authentication remote DoS.
Comment 3 Tomas Hoger 2017-04-24 02:31:34 EDT 
Blog post from the original issue reporter confirms information in comment 2:

https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/
Comment 6 Tomas Hoger 2017-04-24 05:02:58 EDT 
This issue is partially mitigated by the automatic restart of mysqld after the crash.  It's traditionally achieved by the use of mysqld_safe wrapper script, but is more recently handled by systemd (e.g. as is the case for rh-mysql57 collection for Red Hat Software Collections for Red Hat Enterprise Linux 7).
Comment 8 errata-xmlrpc 2017-09-21 03:49:57 EDT 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS

Via RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2787
Comment 9 errata-xmlrpc 2017-10-12 04:03:47 EDT 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS

Via RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2017:2886
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.