Bug 789141 (CVE-2012-0882)
| Summary: | CVE-2012-0882 mysql: unspecified remote exploit (released with VulnDisco Pack Professional 9.17) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CANTFIX | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | byte, davi, hhorak, karlamrhein, tgl |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-02-13 10:19:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 789142 | ||
|
Description
Vincent Danen
2012-02-09 22:47:11 UTC
Statement: We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue. Bit more additional info can be found in: https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov Exploit notes shown in the video indicate that the flaw is "yassl buffer overflow". MySQL packages in Red Hat Enterprise Linux and Fedora do not use yaSSL and are linked against system OpenSSL library to provide SSL. Hence if this really is a yaSSL flaw, Red Hat Enterprise Linux and Fedora packages should be unaffected. This was assigned CVE-2012-0882: http://www.openwall.com/lists/oss-security/2012/02/24/2 |