Bug 85898 - double-free vulnerability in mysqld < 3.23.55
Summary: double-free vulnerability in mysqld < 3.23.55
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mysql
Version: 7.3
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Patrick Macdonald
QA Contact: David Lawrence
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-03-10 15:51 UTC by Patrick Macdonald
Modified: 2007-04-18 16:51 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-03-25 16:15:46 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:093 high SHIPPED_LIVE : Updated MySQL packages fix vulnerabilities 2003-04-29 04:00:00 UTC
Red Hat Product Errata RHSA-2003:094 normal SHIPPED_LIVE Important: mysql security update 2003-04-28 04:00:00 UTC

Description Patrick Macdonald 2003-03-10 15:51:43 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208
Netscape/7.02

Description of problem:
The URL provides the following summary:

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers
with MySQL access to cause a denial of service (crash) via mysql_change_user.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.look at the code
2.
3.
    

Additional info:

Comment 1 Patrick Macdonald 2003-03-10 15:53:25 UTC
Have a patch ready... building errata on 7.0/7.1/7.2/7.3/8.0/AS

Comment 2 Patrick Macdonald 2003-03-25 16:15:46 UTC
Held this patch back and waited for MySQL 3.23.56 (which also includes a fix for a
root exploit). This will be available via the errata system. 


Note You need to log in before you can comment on or make changes to this bug.