Percona Server moved to https://jira.percona.com/projects/PS

Bug #1186748
Comment #3

Comment 3 for bug 1186748

Revision history for this message

David Busby (d-busby) wrote on 2013-12-05:

FWIW:

Testing on PS 5.5.34-32 x86_64 (Fedora 19 x86_64)

p.o.c. code: http://www.exploit-db.com/exploits/23075/ and tested.

This yeilded the following result:

DBD::mysql::st execute failed: Incorrect usage of DB GRANT and GLOBAL PRIVILEGES at /tmp/cve-2012-5611 line 11.
DBD::mysql::st execute failed: Incorrect usage of DB GRANT and GLOBAL PRIVILEGES at /tmp/cve-2012-5611 line 11

Mysqld did not crash however the user was still created absent grants:

---
mysql> show grants for 'user'@'%';
+-----------------------------------------------------------------------------------------------------+
| Grants for user@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user'@'%' IDENTIFIED BY PASSWORD '*' |
+-----------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
---