Bug 12500

Summary: CVE-2014-0001: mysql - command-line tool buffer overflow via long server version string
Product: Mageia Reporter: Oden Eriksson <oe>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: luigiwalser
Version: 3   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
Whiteboard:
Source RPM: mariadb CVE:
Status comment:

Description Oden Eriksson 2014-02-01 10:38:41 CET 
======================================================
Name: CVE-2014-0001
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131203
Category: 
Reference: CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592
Reference: CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/
Reference: OSVDB:102713
Reference: URL:http://osvdb.org/102713
Reference: OSVDB:102714
Reference: URL:http://www.osvdb.org/102714

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before
5.5.35 allows remote database servers to cause a denial of service
(crash) and possibly execute arbitrary code via a long server version
string.


Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2014-02-01 17:03:47 CET 
Thanks.  We can fold this into Bug 9878.

*** This bug has been marked as a duplicate of bug 9878 ***

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => DUPLICATE