Integrate patch from MariaDB MDEV-3915 into Percona Server
Bug #1172090 reported by Jaime Sicam
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Percona Server moved to https://jira.percona.com/projects/PS | Fix Released | High | Sergei Glushchenko |
5.1 | Fix Released | High | Sergei Glushchenko |
5.5 | Fix Released | High | Sergei Glushchenko |
5.6 | Fix Released | High | Sergei Glushchenko |
Bug Description
Percona Server is affected by this bug CVE-2012-5627 where if the intruder has an unprivileged MySQL account, he can do massive brute force login attacks on other user accounts. Testing this vulnerability is described further here: http://
MariaDB has provided a solution which has been available in 5.5.29 - https:/
It may be best to implement MariaDB's solution or a custom solution to solve this bug on Percona Server.
Related branches
lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.6
- Laurynas Biveinis (community): Approve
Diff: 758 lines (+357/-171), 11 files modified
Percona-Server/client/mysqltest.cc (+4/-1)
Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0)
Percona-Server/mysql-test/r/failed_auth_3909.result (+20/-0)
Percona-Server/mysql-test/r/mysqltest.result (+3/-3)
Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0)
Percona-Server/mysql-test/t/failed_auth_3909.test (+37/-0)
Percona-Server/sql/sql_acl.cc (+48/-6)
Percona-Server/sql/sql_class.cc (+1/-0)
Percona-Server/sql/sql_class.h (+1/-0)
Percona-Server/sql/sql_parse.cc (+18/-1)
Percona-Server/tests/mysql_client_test.c (+196/-160)
lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.1
- Laurynas Biveinis (community): Approve
Diff: 570 lines (+249/-165), 8 files modified
Percona-Server/client/mysqltest.cc (+4/-1)
Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0)
Percona-Server/mysql-test/r/mysqltest.result (+3/-3)
Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0)
Percona-Server/sql/sql_class.cc (+1/-0)
Percona-Server/sql/sql_class.h (+1/-0)
Percona-Server/sql/sql_parse.cc (+15/-1)
Percona-Server/tests/mysql_client_test.c (+196/-160)
lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5
- Laurynas Biveinis (community): Approve
Diff: 758 lines (+357/-171), 11 files modified
Percona-Server/client/mysqltest.cc (+4/-1)
Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0)
Percona-Server/mysql-test/r/failed_auth_3909.result (+20/-0)
Percona-Server/mysql-test/r/mysqltest.result (+3/-3)
Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0)
Percona-Server/mysql-test/t/failed_auth_3909.test (+37/-0)
Percona-Server/sql/sql_acl.cc (+48/-6)
Percona-Server/sql/sql_class.cc (+1/-0)
Percona-Server/sql/sql_class.h (+1/-0)
Percona-Server/sql/sql_parse.cc (+18/-1)
Percona-Server/tests/mysql_client_test.c (+196/-160)
CVE References
information type: Private Security → Public Security
Triaging as High due to db-as-a-service impact.
MariaDB fix at
https://bazaar.launchpad.net/~maria-captains/maria/5.2/revision/3200
https://bazaar.launchpad.net/~maria-captains/maria/5.2/revision/3201