Incompletely fixed MySQL bug

Bug #1083377 reported by Stewart Smith
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MySQL Server
Percona Server moved to
Fix Released
Vlad Lesin
Fix Released
Vlad Lesin
Fix Released
Vlad Lesin

Bug Description

MySQL bug 13889741 (which is CVE-2012-3163) was, apparently, not completely fixed. A very similar test case finds new, much more dangerous, buffer overflows in acl_get() and check_grant_db_routine(). They allow to overwrite the buffer by an arbitrary number of bytes, not just by one as in bug 13889741. One can trivially put a shellcode there.

To exploit this one needs a valid low-privileged user account in the MariaDB (or MySQL) server.

This new vulnerability is registered as CVE-2012-5579

Tags: upstream

Related branches

Vlad Lesin (vlad-lesin)
description: updated
Revision history for this message
Vadim Tkachenko (vadim-tk) wrote :


I would like we decide what do we do with this bug fix.

Stewart Smith (stewart)
Changed in percona-server:
assignee: nobody → Vlad Lesin (vlad-lesin)
status: Triaged → Fix Committed
information type: Private Security → Public Security
tags: added: upstream
Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Upstream fix at

5.1$ bzr log -r 3853.1.1
revno: 3853.1.1
author: <email address hidden>
committer: Akhil Mohan <email address hidden>
branch nick: mysql-5.1.67-release
timestamp: Thu 2012-11-29 19:34:47 +0100
  applying patch for BUG15912213

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

The upstream fix still allows a buffer overflow by two bytes, see bug 1186748.

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to:

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.