lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 28 Feb 2013 09:50:33 +0100
From: Sergei Golubchik <serg@...monty.org>
To: oss-security@...ts.openwall.com, Kurt Seifried <kseifried@...hat.com>
Cc: full-disclosure@...ts.grok.org.uk, security@...iadb.org,
	Steven Christey <coley@...re.org>
Subject: Re: MySQL Denial of Service Zeroday PoC

Hi, Kurt!

> > Cheerio, Kingcope
> 
> So normally for MySQL issues Oracle would assign the CVE #. However in
> this case we have a bit of a time constraint (it's a weekend and this
> is blowing up quickly)  and the impacts are potentially quite severe.
> So I've spoken with some other Red Hat SRT members and we feel it is
> best to get CVE #'s assigned for these issues quickly so we can refer
> to them properly.
> 
> I am also adding MySQL, Oracle, MariaDB, OSS-SEC, Steven Christey,
> cve-assign and OSVDB to the CC so that everyone is aware of what is
> going on.
> 
> http://seclists.org/fulldisclosure/2012/Dec/7

I've just looked at CVE-2012-5614 - it's not quite correct:

* it claims the bug was in UpdateXML - if you look at the exploit,
  you'll see that it sends an invalid packet to the server, the
  UpdateXML part is after the exit statement, so it's a dead code.

* it references https://mariadb.atlassian.net/browse/MDEV-3910
  which is about the invalid packet, not about UpdateXML

* but MDEV-3910 also mentions that this invalid packet crash was
  introduced in MySQL-5.5.18 and fixed in MySQL-5.5.21. While CVE entry
  says that MySQL 5.5.19 and MariaDB 5.5.28a are vulnerable.

* UpdateXML on the other hand, was vulnerable only in MySQL, starting
  from 5.6.6 and fixed in 5.6.10. Earlier MySQL versions and all MariaDB
  are not affected.

Regards,
Sergei

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ