Bug 789141 (CVE-2012-0882)

Summary: CVE-2012-0882 mysql: unspecified remote exploit (released with VulnDisco Pack Professional 9.17)
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CANTFIX QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: byte, davi, hhorak, karlamrhein, tgl
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20120209,reported=20120209,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,fedora-all/mysql=new,rhel-6/mysql=new,rhel-5/mysql=new
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-13 05:19:04 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 789142    

Description Vincent Danen 2012-02-09 17:47:11 EST
It was reported [1] that VulnDisco Pack Professional 9.17 contains a working remote 0-day exploit against MySQL 5.5.20.  No further information has been provided or is currently available.

Note: Since no further detailed information is currently available about this flaw, Red Hat Security Response Team is actively investigating the progress done on this (both with upstream and the reporter) and will update this record with further information as soon as it is available.

[1] https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
Comment 1 Huzaifa S. Sidhpurwala 2012-02-13 05:18:28 EST
Statement:

We do not currently plan to fix this issue due to the lack of further
information about the flaw and its impact. If more information becomes
available at a future date, we may revisit the issue.
Comment 2 Tomas Hoger 2012-02-24 03:12:19 EST
Bit more additional info can be found in:

https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html
http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov

Exploit notes shown in the video indicate that the flaw is "yassl buffer overflow".  MySQL packages in Red Hat Enterprise Linux and Fedora do not use yaSSL and are linked against system OpenSSL library to provide SSL.  Hence if this really is a yaSSL flaw, Red Hat Enterprise Linux and Fedora packages should be unaffected.
Comment 3 Vincent Danen 2012-03-05 16:47:13 EST
This was assigned CVE-2012-0882:

http://www.openwall.com/lists/oss-security/2012/02/24/2