Hi Kingcope,
MySQL Server exploitable stack based overrun
Ver 5.5.19-log for Linux and below (tested with Ver 5.1.53-log
for suse-linux-gnu too) unprivileged user (any account
(anonymous account?), post auth) as illustrated below the
instruction pointer is overwritten with
On 12/01/2012 02:26 PM, king cope wrote:
(see attachment)
Cheerio, Kingcope
So normally for MySQL issues Oracle would assign the CVE #. However in
this case we have a bit of a time constraint (it's a weekend and this
is blowing up quickly) and
Hi, Kurt!
This is CVE-2012-5579 that we've been discussing recently.
A test case is different, but it triggers exactly the same code.
MariaDB is not vulnerable as of 5.1.66, 5.2.13, 5.3.11, 5.5.28a.
Latest released MySQL versions are still affected, but Oracle knows
about this issue, so next
On 12/02/2012 11:30 AM, Kurt Seifried wrote:
So normally for MySQL issues Oracle would assign the CVE #. However in
this case we have a bit of a time constraint (it's a weekend and this
is blowing up quickly) and the impacts are potentially quite severe.
So I've spoken with some other Red Hat
Hi, Huzaifa!
Here's the vendor's reply:
On Dec 02, Huzaifa Sidhpurwala wrote:
* CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
http://seclists.org/fulldisclosure/2012/Dec/4
https://bugzilla.redhat.com/show_bug.cgi?id=882599
A duplicate of CVE-2012-5579
Already fixed in
On dim., 2012-12-02 at 21:17 +0100, king cope wrote:
My opinion is that the FILE to admin privilege elevation should be patched.
What is the reason to have FILE and ADMIN privileges separated when
with this exploit
FILE privileges equate to ALL ADMIN privileges.
Maybe because you might not
Correct, I tell that from experience because I've seen many
configurations where the least privileged user has file privs enabled.
If we leave it that way the attackers will be more happy, it's not
decision to patch it or not, just a hint.
Regards,
Kingcope
2012/12/2 Yves-Alexis Perez
Hi, king cope!
On Dec 02, king cope wrote:
Hi,
My opinion is that the FILE to admin privilege elevation should be
patched. What is the reason to have FILE and ADMIN privileges
separated when with this exploit FILE privileges equate to ALL ADMIN
privileges.
I understand that it's insecure