Re: MySQL 0-day - does it need a CVE?
From: Solar Designer <solar () openwall com>
Date: Fri, 10 Feb 2012 00:36:46 +0400
On Thu, Feb 09, 2012 at 10:09:44PM +0200, Henri Salo wrote:
> Oracle MySQL Server CVE-2012-0492 Remote MySQL Server Vulnerability ??? http://www.securityfocus.com/bid/51516
Why this one?
The table at the bottom of:
lists 27 MySQL vulnerabilities, all with CVE IDs and CVSS scoring - but
little other info. CVE-2012-0492 is one of them, but it does not stand
out. (And I have no idea what it actually is, just like I have no idea
about the remaining 26.)
"This Critical Patch Update contains 27 new security fixes for Oracle
MySQL. 1 of these vulnerabilities may be remotely exploitable without
authentication, i.e., may be exploited over a network without the need
for a username and password."
That one is CVE-2011-2262, but per CVSS scoring it's just a DoS.
I wish we had more info.