Percona Server with XtraDB

Integrate patch from MariaDB MDEV-3915 into Percona Server

Reported by Jaime Sicam on 2013-04-24
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona Server
Status tracked in 5.6
5.1
High
Sergei Glushchenko
5.5
High
Sergei Glushchenko
5.6
High
Sergei Glushchenko

Bug Description

Percona Server is affected by this bug CVE-2012-5627 where if the intruder has a unprivileged MySQL account, he can do massive brute force login attacks on other user accounts. Testing this vulnerability is described further here: http://seclists.org/fulldisclosure/2012/Dec/58

MariaDB has provided a solution which has been available in 5.5.29 - https://mariadb.atlassian.net/browse/MDEV-3915
It maybe best to implement MariaDB's solution or a custom solution to solve this bug on Percona Server.

information type: Private Security → Public Security

Upstream fix revisions in 5.6:

5.6$ bzr log -n0 -m 16241992
------------------------------------------------------------
revno: 5104
committer: Georgi Kodinov <email address hidden>
branch nick: mysql-5.6
timestamp: Fri 2013-05-10 11:19:05 +0300
message:
  Addendum 2 to BUG#16241992
  Re-introduced the allocation handling calls around change_user to fix valgrind failures.
------------------------------------------------------------
revno: 5103
committer: Georgi Kodinov <email address hidden>
branch nick: mysql-5.6
timestamp: Fri 2013-05-10 10:25:32 +0300
message:
  Addendum 2 to BUG#16241992
  Re-added missing free() calls after a successful change user.
------------------------------------------------------------
revno: 5101
committer: Georgi Kodinov <email address hidden>
branch nick: B16241992-5.6
timestamp: Thu 2013-05-09 12:07:07 +0300
message:
  Bug #16241992

  A COM_CHANGE_USER failure costs very little and
  is not a subject to the same accounting a login failure
  is. This creates an unfair advantage over the ordinary
  login process.
  Fixed by making COM_CHANGE_USER failing to login
  poison the connection (using an unique error number)
  and cause disptatch_command() to exit with an error
   instead of reverting back to the previous credentials.
  Test cases updated.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers