A stack-based buffer overflow flaw was found in the way MySQL, a multi-user, multi-threaded SQL database server, verified whether a specific user had the right to access a particular database. An authenticated database user could use this flaw to cause the mysqld daemon to crash (denial of service) or, potentially, to execute arbitrary code with the privileges of the user running the mysqld daemon, by providing a specially-crafted database name to the routine checking the access rights.

References:
[1] https://mariadb.atlassian.net/browse/MDEV-3884
[2] http://bugs.mysql.com/bug.php?id=67685 (private)

Relevant MariaDB patch:
[3] http://bazaar.launchpad.net/~maria-captains/maria/5.3/revision/2643.153.26
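
Added illustration of the bug class described above; it is not part of the bug report and is not MySQL or MariaDB code. The function names, the key layout and the `*_MAX` limits are hypothetical. It shows an access-check lookup key built on the stack without length checks, beside a form that rejects an overlong database name before copying.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical limits for this sketch; not taken from the MySQL sources. */
#define HOST_MAX 60
#define USER_MAX 16
#define DB_MAX   64
#define KEY_MAX  (HOST_MAX + USER_MAX + DB_MAX + 3)  /* 3 NUL separators */

/* Unsafe pattern: key[] (KEY_MAX bytes on the caller's stack) is sized for
 * the documented limits, but nothing checks that the inputs respect them.
 * A db name longer than DB_MAX writes past the end of key[]. */
size_t build_key_unchecked(char *key, const char *host,
                           const char *user, const char *db)
{
    char *p = key;
    strcpy(p, host); p += strlen(host) + 1;
    strcpy(p, user); p += strlen(user) + 1;
    strcpy(p, db);   p += strlen(db) + 1;
    return (size_t)(p - key);
}

/* Length of s, reading at most max + 1 bytes; max + 1 means "too long". */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form: every component is measured against its own limit before
 * it is copied. Returns the key length, or 0 so the caller can deny access.
 * Overlong names are rejected rather than truncated. */
size_t build_key_checked(char *key, const char *host,
                         const char *user, const char *db)
{
    const char *part[3] = { host, user, db };
    const size_t limit[3] = { HOST_MAX, USER_MAX, DB_MAX };
    char *p = key;
    for (int i = 0; i < 3; i++) {
        if (part[i] == NULL) return 0;
        size_t n = bounded_len(part[i], limit[i]);
        if (n > limit[i]) return 0;       /* reject before any copy */
        memcpy(p, part[i], n + 1);
        p += n + 1;
    }
    return (size_t)(p - key);
}
```
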
This issue affects the versions of the mysql package as shipped with Red Hat Enterprise Linux 5 and 6.
--
This issue affects the versions of the mysql package as shipped with Fedora releases 16 and 17.
Public now via MariaDB versions 5.5.28a, 5.3.11, 5.2.13, and 5.1.66:
https://mariadb.atlassian.net/browse/MDEV-3884
https://kb.askmonty.org/en/mariadb-5528a-release-notes/
https://kb.askmonty.org/en/mariadb-5311-release-notes/
https://kb.askmonty.org/en/mariadb-5213-release-notes/
https://kb.askmonty.org/en/mariadb-5166-release-notes/

MariaDB upstream fix:
http://bazaar.launchpad.net/~maria-captains/maria/5.1/revision/3168
*** Bug 882599 has been marked as a duplicate of this bug. ***
As per http://seclists.org/oss-sec/2012/q4/392 , it was decided to use CVE-2012-5611 for this issue.
Just a note - the CVE-2012-5579 identifier has been rejected by Mitre:
-----------------------------------------------------------------------
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5611. Reason: This candidate is a duplicate of CVE-2012-5611. Notes: All CVE users should reference CVE-2012-5611 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
=====
The CVE-2012-5611 identifier is the correct one to be used for referencing this issue.
Some other references:
http://www.exploit-db.com/exploits/23075
http://seclists.org/fulldisclosure/2012/Dec/4
http://www.openwall.com/lists/oss-security/2012/12/02/3
http://www.openwall.com/lists/oss-security/2012/12/02/4
Created mysql tracking bugs for this issue
Affects: fedora-all [bug 883642]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:1551 https://rhn.redhat.com/errata/RHSA-2012-1551.html
mysql-5.5.28-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.5.28-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Fixed in MySQL versions 5.1.67 and 5.5.29:
http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3854
http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4038

Noted in release notes:
Very long database names in queries could cause the server to exit. (Bug #15912213)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-67.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-29.html
mysql-5.5.28-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Oracle January 2013 CPU record for CVE-2012-5611:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0180 https://rhn.redhat.com/errata/RHSA-2013-0180.html