CVE-2013-1861: Buffer Overflow
First published: Thu Mar 07 2013(Updated: )
Alyssa Milburn reported that when MySQL attempts to convert a binary string representation of a raw geometry object to a textual representation, the length checks in MySQL's spatial functions would overflow, resulting in a crash of mysqld (for instance, a query like "select astext(0x0100000000030000000100000000000010);" will cause the crash). This has been reported to both upstream MariaDB [1] and Oracle [2]. A proposed patch is available [3]. [1] <a href="https://mariadb.atlassian.net/browse/MDEV-4252">https://mariadb.atlassian.net/browse/MDEV-4252</a> [2] <a href="http://bugs.mysql.com/bug.php?id=68591">http://bugs.mysql.com/bug.php?id=68591</a> [3] <a href="http://lists.askmonty.org/pipermail/commits/2013-March/004371.html">http://lists.askmonty.org/pipermail/commits/2013-March/004371.html</a> Acknowledgements: Red Hat would like to thank Alyssa Milburn for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mysql | <5.6.12 | 5.6.12 |
| redhat/mysql | <5.5.32 | 5.5.32 |
| redhat/mysql | <5.1.70 | 5.1.70 |
| Mariadb Mariadb | >=5.5.0<5.5.32 | |
| Mariadb Mariadb | >=10.0.0<10.0.4 | |
| MySQL | >=5.1.0<=5.1.69 | |
| MySQL | >=5.5.0<=5.5.31 | |
| MySQL | >=5.6.0<=5.6.11 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =6.0 | |
| Debian Debian Linux | =7.0 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Ubuntu Linux | =13.04 | |
| openSUSE | =11.4 | |
| openSUSE | =12.2 | |
| openSUSE | =12.3 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| suse linux enterprise server vmware | =11-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://mariadb.atlassian.net/browse/MDEV-4252
- http://bugs.mysql.com/bug.php?id=68591
- http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
- http://bazaar.launchpad.net/~maria-captains/maria/5.1/revision/3188
- http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/3682
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=921836
- https://access.redhat.com/security/cve/CVE-2013-1861
- http://seclists.org/oss-sec/2013/q1/671
- http://lists.askmonty.org/pipermail/commits/2013-March/004447.html
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html#AppendixMSQL
- https://bugzilla.redhat.com/show_bug.cgi?id=919247
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
- http://secunia.com/advisories/52639
- http://secunia.com/advisories/54300
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://www.debian.org/security/2013/dsa-2818
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- http://www.osvdb.org/91415
- http://www.securityfocus.com/bid/58511
- http://www.ubuntu.com/usn/USN-1909-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-1861
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/mariadb
- canonical/mariadb mariadb
- version/mariadb mariadb/5.5.0
- version/mariadb mariadb/10.0.0
- vendor/oracle
- canonical/mysql
- version/mysql/5.1.0
- version/mysql/5.1.69
- version/mysql/5.5.0
- version/mysql/5.5.31
- version/mysql/5.6.0
- version/mysql/5.6.11
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- version/red hat enterprise linux/6.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- version/ubuntu linux/13.04
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.2
- version/opensuse/12.3
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp3
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp3