Date: Tue, 15 Nov 2016 23:11:46 -0500
From: Patrick Galbraith <patg@...g.net>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003


======

SECURITY ADVISORY - Out-of-bounds read by DBD::mysql

A vulnerability was discovered that can lead to an out-of-bounds read
when using server-side prepared statements in which the number of
placeholders in the WHERE condition does not match the number of output
fields in the SELECT expression.

Project name and URL — DBD::mysql Perl MySQL client driver, http://search.cpan.org/~capttofu/DBD-mysql/lib/DBD/mysql.pm
Versions known to be affected — 2.9004 and later (2005 and later)
Versions known to be not affected — 2.9003 and earlier (before 2005)
Version containing Fix — 4.039 and later (current)
Link to fix: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe

Type of vulnerability and its impact — could lead to out-of-bounds read when using server-side prepared statement support in the driver

CVE identifier — CVE-2016-1249

Planned release — availability: immediately

Mitigating factors — This problem is only exposed when the user enables server-side prepared statement support, which is NOT the default behavior: it was turned off for all drivers by a MySQL AB decision in 2006 because of issues with server-side prepared statements in the server. By default the driver emulates prepared statements on the client side.

Work-arounds — Use the default driver setting, which emulates prepared statements on the client side (mysql_server_prepare disabled).

Credit — Many thanks to Pali Rohár for discovering and fixing the vulnerability.
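The following Perl script is an added example, not code from the advisory or from the DBD::mysql project. It shows how an application can pin the prepared-statement mode explicitly instead of relying on the driver default: it reads the installed DBD::mysql version and refuses to turn on mysql_server_prepare (a real DSN attribute of the driver) when the version falls in the affected range stated above, falling back to the emulated mode the work-around recommends. The version boundaries come from the advisory; the host, database and environment-variable names are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the advisory or the DBD::mysql project).
# Decide whether server-side prepared statements may be enabled for a
# DBD::mysql connection, based on the installed driver version, so that
# an affected driver always runs in the default emulated mode.
use strict;
use warnings;

# Version boundaries as stated in the advisory (CVE-2016-1249).
use constant FIRST_AFFECTED_VERSION => 2.9004;
use constant FIRST_FIXED_VERSION    => 4.039;

# Returns 1 when the given DBD::mysql version lies in the affected range.
sub driver_is_affected {
    my ($version) = @_;
    return ($version >= FIRST_AFFECTED_VERSION
         && $version <  FIRST_FIXED_VERSION) ? 1 : 0;
}

# $want_server_prepare is what the application asked for; the return
# value is what actually goes into the DSN. Emulated mode (0) is the
# driver default and is unaffected by this issue.
sub effective_server_prepare {
    my ($version, $want_server_prepare) = @_;
    return 0 unless $want_server_prepare;          # default: emulated, safe
    if (driver_is_affected($version)) {
        warn sprintf("DBD::mysql %s is affected by CVE-2016-1249; "
                   . "forcing mysql_server_prepare=0\n", $version);
        return 0;                                  # downgrade to emulated
    }
    return 1;                                      # fixed driver: honour request
}

# Build a DSN that states mysql_server_prepare explicitly rather than
# relying on the driver default. Host and database are placeholders.
sub build_dsn {
    my (%opt) = @_;
    my $sp = effective_server_prepare($opt{driver_version},
                                      $opt{server_prepare});
    return sprintf("DBI:mysql:database=%s;host=%s;mysql_server_prepare=%d",
                   $opt{database}, $opt{host}, $sp);
}

# Connects only when DBD::mysql is installed and the (assumed) DB_USER /
# DB_PASS environment variables are set; otherwise it just prints the DSN
# that would be used, so the policy can be inspected offline.
sub main {
    my $version = eval { require DBD::mysql; $DBD::mysql::VERSION } // 0;

    my $dsn = build_dsn(
        driver_version => $version,
        server_prepare => 1,            # application would like server-side
        database       => 'exampledb',  # placeholder
        host           => 'localhost',  # placeholder
    );
    print "DBD::mysql version: $version\nDSN: $dsn\n";

    return unless $version && $ENV{DB_USER};
    require DBI;
    my $dbh = DBI->connect($dsn, $ENV{DB_USER}, $ENV{DB_PASS},
                           { RaiseError => 1, PrintError => 0 });
    # Confirm the mode the driver actually ended up in.
    print "mysql_server_prepare in effect: ",
          ($dbh->{mysql_server_prepare} ? 1 : 0), "\n";
    $dbh->disconnect;
}

main() unless caller;
1;
```

Running the script without database credentials prints the version found and the DSN it would use; with an affected driver the DSN carries mysql_server_prepare=0 regardless of what the application requested, which is exactly the work-around above made explicit in code rather than left to the driver default.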

======
