Bug 881064 (CVE-2012-5611) - CVE-2012-5611 mysql: acl_get() stack-based buffer overflow
Summary: CVE-2012-5611 mysql: acl_get() stack-based buffer overflow
Status: CLOSED ERRATA
Alias: CVE-2012-5611
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Duplicates: 882599
Depends On: 883318 883319 883642 892679 892680
Blocks: 881074 882596 mysql-cpu-2013-01 895572
Reported: 2012-11-28 14:37 UTC by Jan Lieskovsky
Modified: 2020-07-01 03:06 UTC

Fixed In Version: mysql 5.1.67, mysql 5.5.29
Doc Type: Bug Fix
Last Closed: 2013-01-22 21:00:38 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1551 0 normal SHIPPED_LIVE Important: mysql security update 2012-12-07 16:37:16 UTC
Red Hat Product Errata RHSA-2013:0180 0 normal SHIPPED_LIVE Important: mysql security update 2013-01-22 23:34:58 UTC

Description Jan Lieskovsky 2012-11-28 14:37:58 UTC
A stack-based buffer overflow flaw was found in the way MySQL, a multi-user, multi-threaded SQL database server, verified whether a specific user had the right to access a particular database. An authenticated database user could use this flaw to cause the mysqld daemon to crash (denial of service) or, potentially, to execute arbitrary code with the privileges of the user running the mysqld daemon, by providing a specially-crafted database name to the routine checking the access rights.

References:
[1] https://mariadb.atlassian.net/browse/MDEV-3884
[2] http://bugs.mysql.com/bug.php?id=67685 (private)

Relevant MariaDB patch:
[3] http://bazaar.launchpad.net/~maria-captains/maria/5.3/revision/2643.153.26
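
The bug class described in this report, as an added C sketch that is not MySQL's or MariaDB's code: a lookup key built in a fixed-size stack buffer from a caller-supplied database name, first without and then with a length check. `KEY_MAX`, both function names and the user/db key layout are assumptions made for illustration; the page does not show the real routine.

```c
#include <stddef.h>
#include <string.h>

#define KEY_MAX 64u  /* assumed size for illustration; not MySQL's constant */

/* Bug class from the report: the key is assembled in a fixed stack buffer
 * with no length test, so a long db name writes past key[].
 * Shown for contrast only; hypothetical function. */
int key_len_unchecked(const char *user, const char *db)
{
    char key[KEY_MAX];
    size_t ulen = strlen(user);

    strcpy(key, user);
    strcpy(key + ulen + 1, db);          /* overflows when db is too long */
    return (int)(ulen + strlen(db) + 2);
}

/* Hardened form: measure first, refuse anything that cannot fit.
 * Returns the key length (both NUL terminators included), or -1 when the
 * request is rejected; a caller should treat -1 as "no access". */
int key_len_checked(const char *user, const char *db)
{
    char key[KEY_MAX];
    size_t ulen = strlen(user);
    size_t dlen = strlen(db);

    /* Need ulen + 1 + dlen + 1 <= KEY_MAX, written so it cannot wrap. */
    if (ulen > KEY_MAX - 2 || dlen > KEY_MAX - 2 - ulen)
        return -1;

    memcpy(key, user, ulen + 1);
    memcpy(key + ulen + 1, db, dlen + 1);
    /* ... the key would drive the privilege lookup here ... */
    return (int)(ulen + dlen + 2);
}
```

Rejecting the oversized name before any copy makes the check fail closed: the request is denied instead of being truncated into a key that might match a different database.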

Comment 2 Jan Lieskovsky 2012-11-28 15:03:18 UTC
This issue affects the versions of the mysql package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the mysql package, as shipped with Fedora releases 16 and 17.

Comment 7 Huzaifa S. Sidhpurwala 2012-12-03 09:40:32 UTC
*** Bug 882599 has been marked as a duplicate of this bug. ***

Comment 8 Huzaifa S. Sidhpurwala 2012-12-03 09:49:22 UTC
As per http://seclists.org/oss-sec/2012/q4/392 , it was decided to use CVE-2012-5611 for this issue.

Comment 9 Jan Lieskovsky 2012-12-03 11:14:53 UTC
Just a note - the CVE-2012-5579 identifier has been rejected by Mitre:
-----------------------------------------------------------------------

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5611. Reason:
This candidate is a duplicate of CVE-2012-5611. Notes: All CVE users
should reference CVE-2012-5611 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.

=====

The CVE-2012-5611 identifier is the correct one to be used for referencing this issue.

Comment 14 Huzaifa S. Sidhpurwala 2012-12-05 03:56:23 UTC
Created mysql tracking bugs for this issue

Affects: fedora-all [bug 883642]

Comment 16 errata-xmlrpc 2012-12-07 11:39:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1551 https://rhn.redhat.com/errata/RHSA-2012-1551.html

Comment 17 Fedora Update System 2012-12-15 18:00:21 UTC
mysql-5.5.28-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2012-12-21 12:02:44 UTC
mysql-5.5.28-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Tomas Hoger 2013-01-03 14:11:11 UTC
Fixed in MySQL versions 5.1.67 and 5.5.29:

http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3854
http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4038

Noted in release notes:

  Very long database names in queries could cause the server to exit.
  (Bug #15912213)

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-67.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-29.html

Comment 26 Fedora Update System 2013-01-12 01:04:39 UTC
mysql-5.5.28-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Jan Lieskovsky 2013-01-16 13:38:59 UTC
Oracle January 2013 CPU record for CVE-2012-5611:
  http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Comment 28 errata-xmlrpc 2013-01-22 18:35:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0180 https://rhn.redhat.com/errata/RHSA-2013-0180.html
