Message-Id: <D1821A56-55CB-44C2-93AD-B2A42DF71DCD@patg.net>
Date: Tue, 15 Nov 2016 23:11:46 -0500
From: Patrick Galbraith <patg@...g.net>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003


======

SECURITY ADVISORY - Out-of-bounds read by DBD::mysql

Out-of-bounds read by DBD::mysql

A vulnerability was discovered that can lead to an out-of-bounds read
when using server side prepared statements with an unaligned number of
placeholders in WHERE condition and output fields in SELECT expression.

Project name and URL — DBD::mysql Perl MySQL client driver, http://search.cpan.org/~capttofu/DBD-mysql/lib/DBD/mysql.pm
Versions known to be affected — 2.9004 and later (2005 and later)
Versions known to be not affected — 2.9003 and earlier (before 2005)
Version containing Fix — 4.039 and later (current)
Link to fix: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe

Type of vulnerability and its impact — could lead to out-of-bounds read when using server-side prepared statement support in the driver

CVE identifier — CVE-2016-1249

Planned release — availability: immediately

Mitigating factors — This problem is only exposed when the user uses server-side prepared statement support, which is NOT the default behavior and was turned off for all drivers back in 2006 per a MySQL AB decision, due to issues with server-side prepared statements in the server. The behavior of the driver is normally emulated.

Work-arounds — Use the default driver setting, which uses emulated prepared statements.

Credit — Many thanks to Pali Rohár for discovering and fixing the vulnerability.

======
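
An added example, not part of the original advisory or the DBD::mysql project: a Perl check that flags a configuration as exposed when the driver version is in the affected range given above and server-side prepared statements are requested at connect time. The mysql_server_prepare option name comes from the DBD::mysql documentation rather than this advisory, and the versions, DSNs and attributes in the sample list are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use version;

# Version bounds as stated in the advisory.
my $FIRST_AFFECTED = version->parse('2.9004');
my $FIRST_FIXED    = version->parse('4.039');

# True if a DBD::mysql version string falls in the affected range.
sub version_affected {
    my ($v) = @_;
    (my $clean = $v) =~ tr/_//d;    # developer releases such as 4.038_01
    my $ver = version->parse($clean);
    return ($ver >= $FIRST_AFFECTED && $ver < $FIRST_FIXED) ? 1 : 0;
}

# True if server-side prepares are requested in the DSN or connect attributes.
# Assumption: the option is named mysql_server_prepare (DBD::mysql docs).
sub server_prepare_requested {
    my ($dsn, $attr) = @_;
    return 1 if $attr && $attr->{mysql_server_prepare};
    my (undef, undef, $opts) = split /:/, $dsn, 3;    # dbi:driver:options
    for my $pair (split /;/, $opts // '') {
        my ($key, $val) = split /=/, $pair, 2;
        next unless defined $key && defined $val;
        return 1 if $key eq 'mysql_server_prepare' && $val;
    }
    return 0;
}

# Constructed samples: [driver version, DSN, connect attribute hash].
my @samples = (
    ['4.037',  'DBI:mysql:database=app;host=db1;mysql_server_prepare=1', {}],
    ['4.037',  'DBI:mysql:database=app;host=db1', {}],
    ['4.037',  'DBI:mysql:database=app', { mysql_server_prepare => 1 }],
    ['4.041',  'DBI:mysql:database=app;mysql_server_prepare=1', {}],
    ['2.9003', 'DBI:mysql:database=app;mysql_server_prepare=1', {}],
);
for my $s (@samples) {
    my ($v, $dsn, $attr) = @$s;
    my $exposed = version_affected($v) && server_prepare_requested($dsn, $attr);
    printf "%-7s %-58s %s\n", $v, $dsn, $exposed ? 'EXPOSED' : 'ok';
}

# Report on the locally installed driver, if there is one.
if (eval { require DBD::mysql; 1 }) {
    my $v = DBD::mysql->VERSION;
    printf "installed DBD::mysql %s: %s\n", $v,
        version_affected($v) ? 'in affected range' : 'not in affected range';
}
```

The attribute can also be set on a database handle after connecting or passed to an individual prepare call, which this connect-time check does not see.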
