Bug 882600 (CVE-2012-5612)
Summary: | CVE-2012-5612 mysql: MDL subsystem heap-based buffer overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | hhorak, jlieskov, redhat, roomojee, tgl |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | mysql 5.5.29 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-01-18 04:53:00 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 882596, 895568, 895572 |
Description
Huzaifa S. Sidhpurwala
2012-12-02 06:51:02 UTC
External Reference: https://mariadb.atlassian.net/browse/MDEV-3908 Some other references: http://www.exploit-db.com/exploits/23076 http://www.openwall.com/lists/oss-security/2012/12/02/3 http://www.openwall.com/lists/oss-security/2012/12/02/4 This issue only affect MySQL 5.5 and higher, since the vulnerable MDL subsystem was first implemented in MySQL 5.5: https://mariadb.atlassian.net/browse/MDEV-3908?focusedCommentId=28712#comment-28712 Based on comment #3, this flaw does not seem to affect the version of mysql shipped with Red Hat Enterprise Linux 5 and 6, since mariadb upstream suggests that this only affects 5.5 and above. Oracle January 2013 CPU record: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Text of the Oracle flaw description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html#MSQL Upstream notes this issue only affected MySQL versions 5.5. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. Current Fedora versions are already updated to fixed upstream version. Closing. Oracle MySQL upstream commits: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4036 http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4037 MariaDB test case: http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/3633 The fix is also noted in 5.5.29 release notes: Very long table aliases in queries could cause the server to exit. (Bug #15948123) http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-29.html |