Incompletely fixed MySQL bug
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| MySQL Server | Unknown | Unknown | | |
| Percona Server moved to https://jira.percona.com/projects/PS | Fix Released | Critical | Vlad Lesin | |
| 5.1 | Fix Released | Critical | Vlad Lesin | |
| 5.5 | Fix Released | Critical | Vlad Lesin | |
Bug Description
MySQL bug 13889741 (which is CVE-2012-3163) was, apparently, not completely fixed. A very similar test case finds new, much more dangerous, buffer overflows in acl_get() and check_grant_
To exploit this one needs a valid low-privileged user account in the MariaDB (or MySQL) server.
This new vulnerability is registered as CVE-2012-5579.
https:/
http://
http://
Related branches
- Stewart Smith (community): Approve on 2012-12-17
- Sergei Glushchenko (community): Approve (g2) on 2012-12-11
- Diff: 79 lines (+28/-4), 3 files modified
  - Percona-Server/mysql-test/r/information_schema.result (+4/-0)
  - Percona-Server/mysql-test/t/information_schema.test (+8/-0)
  - Percona-Server/sql/sql_acl.cc (+16/-4)

- Stewart Smith (community): Approve on 2012-12-17
- Sergei Glushchenko (community): Approve (g2) on 2012-12-11
- Diff: 77 lines (+28/-4), 3 files modified
  - Percona-Server/mysql-test/r/information_schema.result (+4/-0)
  - Percona-Server/mysql-test/t/information_schema.test (+8/-0)
  - Percona-Server/sql/sql_acl.cc (+16/-4)
description: updated
Vadim Tkachenko (vadim-tk) wrote: #1
Changed in percona-server:
assignee: nobody → Vlad Lesin (vlad-lesin)
status: Triaged → Fix Committed
information type: Private Security → Public Security
tags: added: upstream
Upstream fix at
5.1$ bzr log -r 3853.1.1
-------
revno: 3853.1.1
author: <email address hidden>
committer: Akhil Mohan <email address hidden>
branch nick: mysql-5.
timestamp: Thu 2012-11-29 19:34:47 +0100
message:
applying patch for BUG15912213
The upstream fix still allows a buffer overflow by two bytes, see bug 1186748.
Shahriyar Rzayev (rzayev-sehriyar) wrote: #4
Percona now uses JIRA for bug reports so this bug report is migrated to: https:/
Stewart,
I would like us to decide what we do with this bug fix.