Bug 419991 - (CVE-2007-5968) CVE-2007-5968 mysql: privilege gain via binlog
CVE-2007-5968 mysql: privilege gain via binlog
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=cve,reported=20071210,public=2...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-11 11:25 EST by Tomas Hoger
Modified: 2007-12-12 09:36 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-12 09:36:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2007-12-11 11:25:25 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5968 to the following vulnerability:

MySQL 5.1.x before 5.1.23 might allow attackers to gain privileges via unspecified use of the BINLOG statement in conjunction with the binlog filename, which is interpreted as an absolute path by some components of the product, and as a relative path by other components.

References:

http://bugs.mysql.com/bug.php?id=28597
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
Comment 1 Tomas Hoger 2007-12-11 12:28:38 EST
I fail to see anything to suggest any security implications in the bug
referenced by CVE description.  Don't know what is the CVE description based on...

Referenced bug report is also mentioned in release notes in the context of other
fix:

  Replication: It was possible for the name of the relay log file to exceeed the
  amount of memory reserved for it, possibly leading to a crash of the server.
  (Bug#31836)

  http://bugs.mysql.com/bug.php?id=31836

This is possible buffer overflow triggered if server is using pidfile with name
longer than 502 characters.  This is controlled by system administrator, so no
trust boundary is crossed here and therefore MySQL Bug#31836 won't be treated as
security issue.

Tom, do you see anything I've missed?
Comment 2 Tom Lane 2007-12-11 15:45:00 EST
I concur, this looks like a garden-variety bug with no foreseeable security implications.
Comment 3 Robert Buchholz 2007-12-12 09:22:44 EST
CVE was rejected.
Comment 4 Tomas Hoger 2007-12-12 09:36:31 EST
Right, thanks Robert for the notice!

New CVE-2007-5968 description:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: None.
Reason: the candidate's description and references were inconsistent and
described unrelated issues.
Notes: All references and descriptions in this candidate have been removed to
prevent accidental usage.

Note You need to log in before you can comment on or make changes to this bug.