Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Zero Day MySQL Buffer Overflow - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Zero Day MySQL Buffer Overflow

A new stack-based buffer overflow vulnerability was released on Full Disclosure yesterday for MySQL. Depending of the user privileges, the flaw can cause MySQL to enumerate users, crash or possibly execute arbitrary code with the privileges of the user running MySQL.

The following CVEs have been assigned to track this MySQL vulnerability:

CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday Exploit
CVE-2012-5614 MySQL Denial of Service Zeroday PoC
CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

427 Posts
ISC Handler
I tried the Linux vulnerabilities against my own server this morning (CET time zone).
All of them (including the Windows vulns) require that the sysadmin did not the proper job to setup MySQL server and/or the firewall protecting it.
The vulns are there and must be fixed, but the chances that someone could use them against a well protected and properly configured MySQL server are extremely low.
lrosa

5 Posts
- http://blog.trendmicro.com/trendlabs-security-intelligence/multiple-zero-day-poc-exploits-threaten-oracle-mysql-server/
Dec 6, 2012 - "... MySQL Database is famous for its high performance, high reliability and ease of use. It runs on both Windows and many non-Windows platforms like UNIX, Mac OS, Solaris, IBM AIX, etc. It has been the fastest growing application and the choice of big companies such as Facebook, Google, and Adobe among others. Given its popularity, cybercriminals and other attackers are definitely eyeing this platform..."
.
Jack

160 Posts

Sign Up for Free or Log In to start participating in the conversation!