2012-11-27 00:27:43 |
Stewart Smith |
bug |
|
|
added bug |
2012-11-30 15:17:54 |
Vlad Lesin |
description |
https://mariadb.atlassian.net/browse/MDEV-3884
http://bugs.mysql.com/bug.php?id=67685
http://bazaar.launchpad.net/~maria-captains/maria/5.3/revision/2643.153.26 |
MySQL bug 13889741 (which is CVE-2012-3163) was, apparently, not completely fixed. A very similar test case finds new, much more dangerous, buffer overflows in acl_get() and check_grant_db_routine(). They allow to overwrite the buffer by an arbitrary number of bytes, not just by one as in bug 13889741. One can trivially put a shellcode there.
To exploit this one needs a valid low-privileged user account in the MariaDB (or MySQL) server.
This new vulnerability is registered as CVE-2012-5579
https://mariadb.atlassian.net/browse/MDEV-3884
http://bugs.mysql.com/bug.php?id=67685
http://bazaar.launchpad.net/~maria-captains/maria/5.3/revision/2643.153.26 |
|
2012-11-30 15:19:54 |
Vlad Lesin |
branch linked |
|
lp:~vlad-lesin/percona-server/5.5-bug1083377 |
|
2012-11-30 15:20:33 |
Vlad Lesin |
branch linked |
|
lp:~vlad-lesin/percona-server/5.1-bug1083377-gca |
|
2012-12-18 01:18:44 |
Stewart Smith |
percona-server: assignee |
|
Vlad Lesin (vlad-lesin) |
|
2012-12-18 01:18:47 |
Stewart Smith |
percona-server: status |
Triaged |
Fix Committed |
|
2012-12-18 22:27:54 |
Stewart Smith |
nominated for series |
|
percona-server/5.1 |
|
2012-12-18 22:27:54 |
Stewart Smith |
bug task added |
|
percona-server/5.1 |
|
2012-12-18 22:27:54 |
Stewart Smith |
nominated for series |
|
percona-server/5.5 |
|
2012-12-18 22:27:54 |
Stewart Smith |
bug task added |
|
percona-server/5.5 |
|
2012-12-18 22:28:03 |
Stewart Smith |
percona-server/5.1: status |
New |
Fix Committed |
|
2012-12-18 22:28:11 |
Stewart Smith |
percona-server/5.1: assignee |
|
Vlad Lesin (vlad-lesin) |
|
2012-12-18 22:28:13 |
Stewart Smith |
percona-server/5.1: importance |
Undecided |
Critical |
|
2012-12-18 22:28:17 |
Stewart Smith |
percona-server/5.1: milestone |
|
5.1.66-14.2 |
|
2012-12-18 22:28:22 |
Stewart Smith |
percona-server/5.5: milestone |
|
5.5.29-29.3 |
|
2012-12-18 22:28:29 |
Stewart Smith |
percona-server/5.5: status |
Fix Committed |
Fix Released |
|
2012-12-19 00:09:07 |
Stewart Smith |
percona-server/5.1: status |
Fix Committed |
Fix Released |
|
2013-05-09 13:46:14 |
Laurynas Biveinis |
information type |
Private Security |
Public Security |
|
2013-06-01 15:17:02 |
Laurynas Biveinis |
bug watch added |
|
http://bugs.mysql.com/bug.php?id=67685 |
|
2013-06-01 15:17:02 |
Laurynas Biveinis |
bug task added |
|
mysql-server |
|
2013-06-01 15:27:05 |
Laurynas Biveinis |
tags |
|
upstream |
|