Red Hat Bugzilla – Bug 592091
CVE-2010-1850 mysql: COM_FIELD_LIST table name buffer overflow
Last modified: 2012-09-25 12:36:28 EDT
The upcoming MySQL 5.1.47 and 5.0.91 releases indicate a fix for the following issue, which has been assigned CVE-2010-1850. Currently the bug report is not public.
The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. (Bug#53237, CVE-2010-1850)
Without access to the upstream bug, it is difficult to determine if this would also affect older 4.x releases.
Upstream commits referencing upstream bug, both 5.0 and 5.1 branches:
Created attachment 415406
Patch backported to 5.0.77, EL5
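To illustrate the bounds check the release note says was missing, the following is an added example (not MySQL's code and not the backported patch above): a parser for the COM_FIELD_LIST body, which the MySQL protocol sends as a NUL-terminated table name followed by a column wildcard running to the end of the packet. The MAX_TABLE_NAME limit, the result codes and the struct are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed identifier cap for this example; MySQL's real NAME_LEN differs by version. */
#define MAX_TABLE_NAME 64

enum parse_result { PARSE_OK = 0, PARSE_NO_TERMINATOR = 1, PARSE_NAME_TOO_LONG = 2, PARSE_EMPTY = 3 };

struct field_list_args {
    char table[MAX_TABLE_NAME + 1];   /* fixed-size destination: what an unchecked copy overruns */
    const uint8_t *wildcard;          /* points into the packet body, just past the NUL */
    size_t wildcard_len;
};

/*
 * Parse the body of a COM_FIELD_LIST packet (everything after the command byte).
 * Two checks make the copy into out->table safe: the NUL must lie inside the
 * packet (otherwise a strend()-style scan reads past the packet), and the name
 * must fit the fixed buffer (the check the release note describes as missing).
 */
enum parse_result parse_field_list(const uint8_t *body, size_t body_len,
                                   struct field_list_args *out)
{
    const uint8_t *nul = memchr(body, '\0', body_len);
    if (nul == NULL)
        return PARSE_NO_TERMINATOR;
    size_t name_len = (size_t)(nul - body);
    if (name_len == 0)
        return PARSE_EMPTY;
    if (name_len > MAX_TABLE_NAME)
        return PARSE_NAME_TOO_LONG;   /* reject instead of overflowing out->table */
    memcpy(out->table, body, name_len);
    out->table[name_len] = '\0';
    out->wildcard = nul + 1;
    out->wildcard_len = body_len - name_len - 1;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed packet bodies: a well-formed one and an oversized table name. */
    const uint8_t good[] = { 'u', 's', 'e', 'r', 's', '\0', 'i', 'd', '%' };
    uint8_t oversized[MAX_TABLE_NAME + 10];
    memset(oversized, 'A', sizeof oversized);
    oversized[sizeof oversized - 1] = '\0';
    struct field_list_args args;
    printf("good -> %d (table=%s)\n", parse_field_list(good, sizeof good, &args), args.table);
    printf("oversized -> %d\n", parse_field_list(oversized, sizeof oversized, &args));
    return 0;
}
```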
These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 or 4.
mysql-5.1.47-1.fc12 has been submitted as an update for Fedora 12.
mysql-5.1.47-1.fc13 has been submitted as an update for Fedora 13.
mysql-5.1.47-1.fc11 has been submitted as an update for Fedora 11.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0442 https://rhn.redhat.com/errata/RHSA-2010-0442.html
mysql-5.1.47-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.47-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.47-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.