oss-sec mailing list archives
Re: MySQL 0-day - does it need a CVE?
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 24 Feb 2012 11:11:07 +0100
On Thu, 09 Feb 2012 10:20:14 -0700 Kurt Seifried wrote:
https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
...
We are releasing a working MySQL 5.5.20 remote 0day exploit with this update.The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb on Debian 6.0.
Note also: https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov According to the video, it should be "yassl buffer overflow". -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 10)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 11)
- Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 24)
- Re: MySQL 0-day - does it need a CVE? Larry Stefonic (Feb 24)