Audit_log_plugin is reading random memory
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Percona Server moved to https://jira.percona.com/projects/PS |
Fix Released
|
High
|
Sergei Glushchenko | ||
5.5 |
Fix Released
|
High
|
Sergei Glushchenko | ||
5.6 |
Fix Released
|
High
|
Sergei Glushchenko |
Bug Description
This is an update to bug 1435606
I opened a new one since this may be a security vulnerability.
The plugin is reading random memory to use for the file name. I am not aware of an exploit.
Here are sample audit_log_file values from different servers.
@@audit_log_file
-------------\nEND OF INNODB MONITOR OUTPUT\
@@audit_log_file
??
@@audit_log_file
?$?|
@@audit_log_file
ned DEFAULT NULL,\n PRIMARY KEY (`server_id`)\n) ENGINE=InnoDB DEFAULT CHARSET=l?'
@@audit_log_file
?
@@audit_log_file
?C
?
@@audit_log_file
?Hkz@@audit_
v=\n
leted 31967587, read 343313943\n29.07 inserts/s, 32.57 updates/s, 0.00 deletes/s, 32.64 reads/s\
@@audit_log_file
(255) DEFAULT NULL,\n `position` bigint(20) unsigned DEFAULT NULL,\n `relay_
@@audit_log_file
?Timestamp?
@@audit_log_file
N%?q
@@audit_log_file
active inside InnoDB\n0 RO transactions active inside InnoDB\n0 out of 1000 descriptors used\nMain thread process no. 5494, id 140048714626816, state: sleeping\nNumber of rows inserted 42, updated 11323367, deleted 26, read 11404807\n0.00 inserts/s, 11.07 updates/s, 0.00 deletes/s, 11.14 reads/s\
@@audit_log_file
`server_id` int(10) unsigned NOT NULL,\n `file` varchar(255) DEFAULT NULL,\n `position` bigint(20) unsigned DEFAULT NULL,\n `relay_
@@audit_log_file
bigint(20) unsigned DEFAULT NULL,\n `relay_
Changed in percona-server: | |
status: | New → Confirmed |
assignee: | nobody → Sergei Glushchenko (sergei.glushchenko) |
Changed in percona-server: | |
importance: | Undecided → High |
status: | Confirmed → Triaged |
information type: | Private Security → Public Security |
This one looks very strange to me. Are you Percona Server user? What is your server version? Do you use audit plugin which comes with your version or you are using plugin from different version?