The upcoming MySQL 5.1.47 [1] and 5.0.91 [2] releases indicate a fix for the following issue, which has been assigned CVE-2010-1850. Currently the bug report [3] is not public.

The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. (Bug#53237, CVE-2010-1850)

Without access to the upstream bug, it is difficult to determine if this would also affect older 4.x releases.

[1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
[2] http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
[3] http://bugs.mysql.com/bug.php?id=53237
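
A bounds-checked parse of a COM_FIELD_LIST payload, as an added example that is not part of the original report and is not the upstream patch. The function names, status codes and the 192-byte TABLE_NAME_MAX limit are assumptions made for illustration; the sample packets are constructed.

```c
#include <stdint.h>
#include <string.h>

#define COM_FIELD_LIST 0x04   /* command byte of the MySQL client/server protocol */
#define TABLE_NAME_MAX 192    /* assumed name limit in bytes for this example */

enum parse_status { PARSE_OK, PARSE_BAD_COMMAND, PARSE_UNTERMINATED, PARSE_NAME_TOO_LONG };

/* Payload layout: [0x04][table name, NUL-terminated][field wildcard, rest of packet].
 * Copies the table name into `table` only after both length checks pass. */
enum parse_status parse_field_list(const uint8_t *pkt, size_t pkt_len,
                                   char *table, size_t table_cap,
                                   const uint8_t **wild, size_t *wild_len)
{
    if (pkt_len < 1 || pkt[0] != COM_FIELD_LIST)
        return PARSE_BAD_COMMAND;
    const uint8_t *arg = pkt + 1;
    size_t arg_len = pkt_len - 1;
    /* Look for the terminator inside the received bytes only, never past them. */
    const uint8_t *nul = memchr(arg, '\0', arg_len);
    if (nul == NULL)
        return PARSE_UNTERMINATED;
    size_t name_len = (size_t)(nul - arg);
    /* The bounds check: reject before copying instead of trusting the client. */
    if (name_len > TABLE_NAME_MAX || name_len >= table_cap)
        return PARSE_NAME_TOO_LONG;
    memcpy(table, arg, name_len);
    table[name_len] = '\0';
    *wild = nul + 1;
    *wild_len = arg_len - name_len - 1;
    return PARSE_OK;
}

/* Constructed input: a payload whose table name is name_len bytes of 't'. */
enum parse_status check_constructed(size_t name_len, int terminate)
{
    static uint8_t pkt[8192];
    char table[TABLE_NAME_MAX + 1];
    const uint8_t *wild = NULL;
    size_t wild_len = 0, len = 1;
    if (name_len > sizeof pkt - 3) name_len = sizeof pkt - 3;
    pkt[0] = COM_FIELD_LIST;
    memset(pkt + 1, 't', name_len);
    len += name_len;
    if (terminate) { pkt[len++] = '\0'; pkt[len++] = '%'; }
    return parse_field_list(pkt, len, table, sizeof table, &wild, &wild_len);
}

int main(void) { return check_constructed(5, 1) != PARSE_OK; } /* exit 0 when a short name parses */
```
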
Upstream commits referencing upstream bug, both 5.0 and 5.1 branches:
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0-bugteam/revision/2859
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1-bugteam/revision/1810.3987.13
Created attachment 415406
Patch backported to 5.0.77, EL5
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0-bugteam/revision/2859
Statement: These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 or 4.
mysql-5.1.47-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/mysql-5.1.47-1.fc12
mysql-5.1.47-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/mysql-5.1.47-1.fc13
mysql-5.1.47-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/mysql-5.1.47-1.fc11
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0442 https://rhn.redhat.com/errata/RHSA-2010-0442.html
mysql-5.1.47-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.47-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.47-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.