Bug 640856 (CVE-2010-3837) - CVE-2010-3837 MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476)
Summary: CVE-2010-3837 MySQL: crash when group_concat and "with rollup" in prepared st...
Status: CLOSED ERRATA
Alias: CVE-2010-3837
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20100614,repor...
Keywords: Security
Depends On: 645642 645643 645647 652553 652554 833943
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-06 22:10 UTC by Vincent Danen
Modified: 2019-06-08 13:07 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2012-06-20 15:20:14 UTC


Attachments (Terms of Use)
upstream patch (3.47 KB, patch)
2010-10-14 08:39 UTC, Huzaifa S. Sidhpurwala
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0825 normal SHIPPED_LIVE Moderate: mysql security update 2010-11-03 20:21:33 UTC
Red Hat Product Errata RHSA-2011:0164 normal SHIPPED_LIVE Moderate: mysql security update 2011-01-18 18:42:37 UTC

Description Vincent Danen 2010-10-06 22:10:04 UTC
A flaw in MySQL versions prior to 5.1.51 [1] was reported [2] that could allow an authenticated user to kill connections to MySQL by using GROUP_CONCAT() together with 'WITH ROLLUP'.

[1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
[2] http://bugs.mysql.com/bug.php?id=54476

This is noted as having been fixed in MySQL 5.1.51, but it does not cause a crash on MySQL 5.0.50 in Fedora 13.  It also causes a crash on Red Hat Enterprise Linux 5 (5.0.77) but not Red Hat Enterprise Linux 4 (4.1.22).  GROUP_CONCAT() support looks to have been added in MySQL 4.1, so Red Hat Enterprise Linux 3 is not affected.

A patch for this flaw is included in the upstream report.

Comment 1 Vincent Danen 2010-10-12 20:16:51 UTC
This issue has been assigned the name CVE-2010-3837:

http://article.gmane.org/gmane.comp.security.oss.general/3627

Comment 3 Huzaifa S. Sidhpurwala 2010-10-14 08:39:10 UTC
Created attachment 453404 [details]
upstream patch

Comment 5 Huzaifa S. Sidhpurwala 2010-10-19 02:48:23 UTC
This issue did NOT affect the versions of the mysql package, as shipped with
Red Hat Enterprise Linux 3 and 4.

This issue affects the version of mysql package, as shipped with Red Hat
Enterprise Linux 5 and 6.

---

This issue affects the version of the mysql package, as shipped with
Fedora 12.

This issue did NOT affect the version of the mysql package, as shipped with Fedora 13.

Comment 8 Huzaifa S. Sidhpurwala 2010-10-22 06:35:53 UTC
Created mysql tracking bugs for this issue

Affects: fedora-12 [bug 645647]

Comment 10 errata-xmlrpc 2010-11-03 20:21:45 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0825 https://rhn.redhat.com/errata/RHSA-2010-0825.html

Comment 12 errata-xmlrpc 2011-01-18 18:42:51 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0164 https://rhn.redhat.com/errata/RHSA-2011-0164.html


Note You need to log in before you can comment on or make changes to this bug.