Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: MySQL 0-day - does it need a CVE?
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 24 Feb 2012 11:11:07 +0100

On Thu, 09 Feb 2012 10:20:14 -0700 Kurt Seifried wrote:

https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html

...

We are releasing a working MySQL 5.5.20 remote 0day exploit with this
update.The exploit has been tested with
mysql-5.5.20-debian6.0-i686.deb on Debian 6.0.

Note also:

https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html
http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov

According to the video, it should be "yassl buffer overflow".

-- 
Tomas Hoger / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]