Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Sun, 2 Dec 2012 21:46:26 -0500 (EST)


(removed the full-disclosure/bugtraq mailing lists, they don't need to be further spammed with minor CVE assignment details.)


On Sun, 2 Dec 2012, Sergei Golubchik wrote:

Hi, Huzaifa!

Here's the vendor's reply:

On Dec 02, Huzaifa Sidhpurwala wrote:

* CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
http://seclists.org/fulldisclosure/2012/Dec/4
https://bugzilla.redhat.com/show_bug.cgi?id=882599

A duplicate of CVE-2012-5579
Already fixed in all stable MariaDB version.

Kurt - I suggest we REJECT CVE-2012-5579 and preserve CVE-2012-5611 because of the strong likelihood that CVE-2012-5611 will be more commonly referenced in the very near future.

* CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday
Exploit
http://seclists.org/fulldisclosure/2012/Dec/6
https://bugzilla.redhat.com/show_bug.cgi?id=882606

Not a bug. MySQL manual specifies many times very explicitly:

===
  * Do not grant the `FILE' privilege to nonadministrative users. Any

Misconfigurations generally should not be captured with CVE IDs. At best, we will probably describe CVE-2012-5613 to emphasis the sysadmin's role.

Just to toss a droplet of esoteric commentary into the bloodbath - while I generally agree with the belief that distinct privileges should imply boundaries that can not be broken, the reality is that most privilege models are not well-documented or well-understood, and some privileges might (by design) be effectively equivalent. So, privilege issues aren't necessarily guaranteed to be treated as vulnerabilities if they don't violate the intended security policy. There was some discussion about this kind of challenge in the Linux kernel on oss-security a while back that makes my head hurt just thinking about it.

* CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday
http://seclists.org/fulldisclosure/2012/Dec/9
https://bugzilla.redhat.com/show_bug.cgi?id=882608

This is hardly a "zeroday" issue, it was known for, like, ten years.

Does anybody have any URLs for older reports of this issue?

- Steve


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault