Bug 640808 - (CVE-2010-3834) CVE-2010-3834 MySQL: user variable assignments crash server when used within query (MySQL Bug#55568)
CVE-2010-3834 MySQL: user variable assignments crash server when used within ...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20100928,reported=20100930,sou...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-10-06 16:17 EDT by Vincent Danen
Modified: 2011-01-11 18:06 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-21 23:56:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
upstream patch (3.70 KB, patch)
2010-10-14 05:07 EDT, Huzaifa S. Sidhpurwala
no flags Details | Diff

  None (edit)
Description Vincent Danen 2010-10-06 16:17:45 EDT
A flaw in MySQL versions prior to 5.1.51 [1] was reported [2] that could allow an authenticated user to kill connections to MySQL, where the server could crash after materializing a derived table that required a temporary table for grouping.

[1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
[2] http://bugs.mysql.com/bug.php?id=55568
Comment 2 Vincent Danen 2010-10-12 16:11:26 EDT
This issue has been assigned the name CVE-2010-3834:

http://article.gmane.org/gmane.comp.security.oss.general/3627
Comment 4 Huzaifa S. Sidhpurwala 2010-10-14 05:07:57 EDT
Created attachment 453410 [details]
upstream patch
Comment 11 Huzaifa S. Sidhpurwala 2010-10-21 23:56:12 EDT
This issue did NOT affect the versions of mysql as shipped with Fedora 12 and Fedora 13.
Comment 12 Vincent Danen 2011-01-11 18:06:49 EST
Statement:

Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.

Note You need to log in before you can comment on or make changes to this bug.