vulnerable to MITM attack which would allow exfiltration of MySQL configuration information via --version-check

Bug #1408375 reported by David Busby on 2015-01-07
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Percona Toolkit moved to https://jira.percona.com/projects/PT | Fix Released | High | Frank Cizmich |
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Fix Released | High | Alexey Kopytov |
2.2 | Fix Released | High | Alexey Kopytov |
2.3 | Fix Released | High | Alexey Kopytov |

Bug Description

An issue exists within percona-toolkit which allows for the disclosure of MySQL configuration information during a MITM attack against the version-check functionality.

P.O.C exists for this issue and has been circulated internally; this bug serves as the tracker for this issue at this time and will be updated with relevant information.

CVE-2015-1027


Changed in percona-toolkit:
status: New → In Progress
milestone: none → 2.2.13
assignee: nobody → Frank Cizmich (frank-cizmich)
importance: Undecided → High
David Busby (d-busby) wrote :

CVE-2015-1027 has been reserved as an identifier for this issue

description: updated
Changed in percona-toolkit:
status: In Progress → Fix Committed
Changed in percona-toolkit:
status: Fix Committed → Fix Released
David Busby (d-busby) wrote :

This needs to be marked against the correct xtrabackup project also

no longer affects: percona-xtrabackup (Ubuntu)
affects: percona-xtrabackup (Ubuntu) → percona-xtrabackup
Changed in percona-xtrabackup:
importance: Undecided → High
assignee: nobody → Alexey Kopytov (akopytov)
information type: Private Security → Public

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-418

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PT-385
