FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
835256b8-46ed-11d9-8ce0-00065be4b5b6	mysql -- mysql_real_connect buffer overflow vulnerability The mysql_real_connect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems. Note that whether this issue can be exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following words: In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for dns query (i know it sounds funny but read rfc1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from dns's response Discovery 2004-06-04 Entry 2004-12-16 Modified 2005-03-15 mysql-server <= 3.23.58_3 >= 4.* lt 4.0.21 mysql-client <= 3.23.58_3 >= 4.* lt 4.0.21 CVE-2004-0836 10981 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://rhn.redhat.com/errata/RHSA-2004-611.html http://www.osvdb.org/displayvuln.php?osvdb_id=10658

VuXML ID

Description

835256b8-46ed-11d9-8ce0-00065be4b5b6

mysql -- mysql_real_connect buffer overflow vulnerability

The mysql_real_connect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems.

Note that whether this issue can be exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following words:

In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for dns query (i know it sounds funny but read rfc1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from dns's response

Discovery 2004-06-04
Entry 2004-12-16
Modified 2005-03-15
mysql-server

<= 3.23.58_3

>= 4.* lt 4.0.21

mysql-client

<= 3.23.58_3

>= 4.* lt 4.0.21

CVE-2004-0836
10981
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.osvdb.org/displayvuln.php?osvdb_id=10658