
SANS ISC InfoSec Handlers Diary Blog



Zero Day MySQL Buffer Overflow

Published: 2012-12-02
Last Updated: 2012-12-02 20:43:19 UTC
by Guy Bruneau (Version: 1)

A new stack-based buffer overflow vulnerability for MySQL was released on Full Disclosure yesterday. Depending on the user's privileges, the flaw can be used to enumerate users, crash MySQL, or possibly execute arbitrary code with the privileges of the user running MySQL.

The following CVEs have been assigned to track this MySQL vulnerability:

CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday Exploit
CVE-2012-5614 MySQL Denial of Service Zeroday PoC
CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
