oss-sec mailing list archives
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Sun, 2 Dec 2012 21:46:26 -0500 (EST)
(removed the full-disclosure/bugtraq mailing lists, they don't need to be further spammed with minor CVE assignment details.)
On Sun, 2 Dec 2012, Sergei Golubchik wrote:
> Hi, Huzaifa!
>
> Here's the vendor's reply:
>
> On Dec 02, Huzaifa Sidhpurwala wrote:
>> * CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
>> http://seclists.org/fulldisclosure/2012/Dec/4
>> https://bugzilla.redhat.com/show_bug.cgi?id=882599
>
> A duplicate of CVE-2012-5579
> Already fixed in all stable MariaDB versions.
Kurt - I suggest we REJECT CVE-2012-5579 and preserve CVE-2012-5611 because of the strong likelihood that CVE-2012-5611 will be more commonly referenced in the very near future.
>> * CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday Exploit
>> http://seclists.org/fulldisclosure/2012/Dec/6
>> https://bugzilla.redhat.com/show_bug.cgi?id=882606
>
> Not a bug. MySQL manual specifies many times very explicitly:
> ===
> * Do not grant the `FILE' privilege to nonadministrative users. Any
Misconfigurations generally should not be captured with CVE IDs. At best, we will probably describe CVE-2012-5613 to emphasize the sysadmin's role.
Just to toss a droplet of esoteric commentary into the bloodbath - while I generally agree with the belief that distinct privileges should imply boundaries that can not be broken, the reality is that most privilege models are not well-documented or well-understood, and some privileges might (by design) be effectively equivalent. So, privilege issues aren't necessarily guaranteed to be treated as vulnerabilities if they don't violate the intended security policy. There was some discussion about this kind of challenge in the Linux kernel on oss-security a while back that makes my head hurt just thinking about it.
>> * CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday
>> http://seclists.org/fulldisclosure/2012/Dec/9
>> https://bugzilla.redhat.com/show_bug.cgi?id=882608
>
> This is hardly a "zeroday" issue, it was known for, like, ten years.
Does anybody have any URLs for older reports of this issue?

- Steve