Bug 881064 - (CVE-2012-5579, CVE-2012-5611) CVE-2012-5611 mysql: acl_get() stack-based buffer overflow
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
high Severity high
Assigned To: Red Hat Product Security
impact=important,public=20121129,repo...
Keywords: Security
Duplicates: 882599
Depends On: 883318 883319 883642 892679 892680
Blocks: 881074 882596 mysql-cpu-2013-01 895572
Reported: 2012-11-28 09:37 EST by Jan Lieskovsky
Modified: 2016-03-04 07:16 EST

Fixed In Version: mysql 5.1.67, mysql 5.5.29
Doc Type: Bug Fix
Last Closed: 2013-01-22 16:00:38 EST
Description Jan Lieskovsky 2012-11-28 09:37:58 EST
A stack-based buffer overflow flaw was found in the way MySQL, a multi-user, multi-threaded SQL database server, verified whether a specific user had the right to access a particular database. An authenticated database user could use this flaw to cause the mysqld daemon to crash (denial of service) or, potentially, to execute arbitrary code with the privileges of the user running the mysqld daemon, by providing a specially-crafted database name to the routine checking the access rights.

References:
[1] https://mariadb.atlassian.net/browse/MDEV-3884
[2] http://bugs.mysql.com/bug.php?id=67685 (private)

Relevant MariaDB patch:
[3] http://bazaar.launchpad.net/~maria-captains/maria/5.3/revision/2643.153.26
Comment 2 Jan Lieskovsky 2012-11-28 10:03:18 EST
This issue affects the versions of the mysql package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the mysql package, as shipped with Fedora releases 16 and 17.
Comment 7 Huzaifa S. Sidhpurwala 2012-12-03 04:40:32 EST
*** Bug 882599 has been marked as a duplicate of this bug. ***
Comment 8 Huzaifa S. Sidhpurwala 2012-12-03 04:49:22 EST
As per http://seclists.org/oss-sec/2012/q4/392, it was decided to use CVE-2012-5611 for this issue.
Comment 9 Jan Lieskovsky 2012-12-03 06:14:53 EST
Just a note - the CVE-2012-5579 identifier has been rejected by Mitre:
-----------------------------------------------------------------------

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5611. Reason:
This candidate is a duplicate of CVE-2012-5611. Notes: All CVE users
should reference CVE-2012-5611 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.

=====

The CVE-2012-5611 identifier is the correct one to be used for referencing this issue.
Comment 14 Huzaifa S. Sidhpurwala 2012-12-04 22:56:23 EST
Created mysql tracking bugs for this issue

Affects: fedora-all [bug 883642]
Comment 16 errata-xmlrpc 2012-12-07 06:39:07 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1551 https://rhn.redhat.com/errata/RHSA-2012-1551.html
Comment 17 Fedora Update System 2012-12-15 13:00:21 EST
mysql-5.5.28-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2012-12-21 07:02:44 EST
mysql-5.5.28-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Tomas Hoger 2013-01-03 09:11:11 EST
Fixed in MySQL versions 5.1.67 and 5.5.29:

http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3854
http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4038

Noted in release notes:

  Very long database names in queries could cause the server to exit.
  (Bug #15912213)

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-67.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-29.html
Comment 26 Fedora Update System 2013-01-11 20:04:39 EST
mysql-5.5.28-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 27 Jan Lieskovsky 2013-01-16 08:38:59 EST
Oracle January 2013 CPU record for CVE-2012-5611:
  http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
Comment 28 errata-xmlrpc 2013-01-22 13:35:58 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0180 https://rhn.redhat.com/errata/RHSA-2013-0180.html
