[VIM] Vendor dispute of CVE-2006-3486 (MySQL overflow)
Steven M. Christey
coley at mitre.org
Wed Jul 19 15:01:29 EDT 2006

Apparently a terse MySQL changelog entry made it into some VDBs and
into CVE. The vendor has since disputed the issue to us. The CVE
follows, with the end note approved by the vendor.

I would tend to concur given the analysis.

Acknowledged: yes changelog

** DISPUTED **
Off-by-one buffer overflow in the
Instance_options::complete_initialization function in
instance_options.cc in the Instance Manager in MySQL before 5.0.23 and
5.1 before 5.1.12 might allow local users to cause a denial of service
(application crash) via unspecified vectors, which triggers the
overflow when the convert_dirname function is called. NOTE: the
vendor has disputed this issue via e-mail to CVE, saying that it is
only exploitable when the user has access to the configuration file or
the Instance Manager daemon. Due to intended functionality, this
level of access would already allow the user to disrupt program
operation, so this does not cross security boundaries and is not a

ACKNOWLEDGEMENT: MySQL 5.0.23 changelog "A buffer overwrite error in
Instance Manager caused a crash. (Bug#20622)" This apparently
triggered some refined sources to report it as a security issue.
However, the vendor notified CVE via e-mail that the issue is not
exploitable to cross security boundaries, and approved the statement

ACCURACY: it is not clear whether this is security-relevant, as the
input vectors are unknown.