[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC
- To: oss-security@xxxxxxxxxxxxxxxxxx, Kurt Seifried <kseifried@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC
- From: Sergei Golubchik <serg@xxxxxxxxxxxx>
- Date: Thu, 28 Feb 2013 09:50:33 +0100
Hi, Kurt!
> > Cheerio, Kingcope
>
> So normally for MySQL issues Oracle would assign the CVE #. However in
> this case we have a bit of a time constraint (it's a weekend and this
> is blowing up quickly) and the impacts are potentially quite severe.
> So I've spoken with some other Red Hat SRT members and we feel it is
> best to get CVE #'s assigned for these issues quickly so we can refer
> to them properly.
>
> I am also adding MySQL, Oracle, MariaDB, OSS-SEC, Steven Christey,
> cve-assign and OSVDB to the CC so that everyone is aware of what is
> going on.
>
> http://seclists.org/fulldisclosure/2012/Dec/7
I've just looked at CVE-2012-5614 - it's not quite correct:
* it claims the bug was in UpdateXML - if you look at the exploit,
you'll see that it sends an invalid packet to the server, the
UpdateXML part is after the exit statement, so it's a dead code.
* it references https://mariadb.atlassian.net/browse/MDEV-3910
which is about the invalid packet, not about UpdateXML
* but MDEV-3910 also mentions that this invalid packet crash was
introduced in MySQL-5.5.18 and fixed in MySQL-5.5.21. While CVE entry
says that MySQL 5.5.19 and MariaDB 5.5.28a are vulnerable.
* UpdateXML on the other hand, was vulnerable only in MySQL, starting
from 5.6.6 and fixed in 5.6.10. Earlier MySQL versions and all MariaDB
are not affected.
Regards,
Sergei
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/