Incompletely fixed MySQL bug
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | MySQL Server |
Unknown
|
Unknown
|
||
| | Percona Server |
Critical
|
Vlad Lesin | ||
| | 5.1 |
Critical
|
Vlad Lesin | ||
| | 5.5 |
Critical
|
Vlad Lesin | ||
Bug Description
MySQL bug 13889741 (which is CVE-2012-3163) was, apparently, not completely fixed. A very similar test case finds new, much more dangerous, buffer overflows in acl_get() and check_grant_
To exploit this one needs a valid low-privileged user account in the MariaDB (or MySQL) server.
This new vulnerability is registered as CVE-2012-5579
https:/
http://
http://
Related branches
- Stewart Smith (community): Approve on 2012-12-17
- Sergei Glushchenko: Approve (g2) on 2012-12-11
-
Diff: 77 lines (+28/-4)3 files modifiedPercona-Server/mysql-test/r/information_schema.result (+4/-0)
Percona-Server/mysql-test/t/information_schema.test (+8/-0)
Percona-Server/sql/sql_acl.cc (+16/-4)
- Stewart Smith (community): Approve on 2012-12-17
- Sergei Glushchenko: Approve (g2) on 2012-12-11
-
Diff: 79 lines (+28/-4)3 files modifiedPercona-Server/mysql-test/r/information_schema.result (+4/-0)
Percona-Server/mysql-test/t/information_schema.test (+8/-0)
Percona-Server/sql/sql_acl.cc (+16/-4)
| description: | updated |
| Vadim Tkachenko (vadim-tk) wrote : | #1 |
| Changed in percona-server: | |
| assignee: | nobody → Vlad Lesin (vlad-lesin) |
| status: | Triaged → Fix Committed |
| information type: | Private Security → Public Security |
| tags: | added: upstream |
Upstream fix at
5.1$ bzr log -r 3853.1.1
-------
revno: 3853.1.1
author: <email address hidden>
committer: Akhil Mohan <email address hidden>
branch nick: mysql-5.
timestamp: Thu 2012-11-29 19:34:47 +0100
message:
applying patch for BUG15912213
The upstream fix still allows a buffer overflow by two bytes, see bug 1186748.
Stewart,
I would like we decide what do we do with this bug fix.