openstack team mailing list archive

Thread
Date

Re: MySQL / MariaDB security vulnerability

To: Ewan Mellor <Ewan.Mellor@xxxxxxxxxxxxx>
From: David Busby <d.busby@xxxxxxxxxxxx>
Date: Mon, 11 Jun 2012 21:02:47 +0100
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <6005BE083BF501439A84DC3523BAC82DD702DC57ED@LONPMAILBOX01.citrite.net>

Thanks Ewan,

Please note my findings on this CVE and feel free to correct / reply
with anything I have missed.

I've found in my tests of this CVE today that Percona 55-5.5.24 is not
vulnerable
(http://repo.percona.com/centos/6/os/x86_64/Percona-Server-server-55-5.5.24-rel26.0.256.rhel6.x86_64.rpm), whilst mysql v 5.5.23 is (5.5.23-1 on FC17), as such it appears Percona is not vulnerable to this attack though I am unsure from which version onward; rdp as the changelog was last updated in Fed 2011 ...

Also in testing I found that host ACLs can differ this issue, in that to
exploit this issue you must use a valid user@host (unless of course
there are wildcards), this assume therfor in a secure setup the granted
host must originate the attack for the target user.

Cheers

David

On Mon, 2012-06-11 at 19:46 +0100, Ewan Mellor wrote:
> Anyone who is using OpenStack with MySQL / MariaDB, please see this
> _extremely_ dangerous security vulnerability, announced on Saturday:
> 
>  
> 
> https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
> 
>  
> 
> Ewan.
> 
>  
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

Attachment: signature.asc
Description: This is a digitally signed message part

References

MySQL / MariaDB security vulnerability
From: Ewan Mellor, 2012-06-11