Thanks Ewan,

Please note my findings on this CVE and feel free to correct / reply
with anything I have missed.

I've found in my tests of this CVE today that Percona 55-5.5.24 is not
vulnerable
(http://repo.percona.com/centos/6/os/x86_64/Percona-Server-server-55-5.5.24-rel26.0.256.rhel6.x86_64.rpm),
whilst MySQL v5.5.23 is (5.5.23-1 on FC17). As such it appears Percona is not
vulnerable to this attack, though I am unsure from which version onward; rdp as
the changelog was last updated in Feb 2011 ...

Also in testing I found that host ACLs can differ this issue, in that to
exploit this issue you must use a valid user@host (unless of course
there are wildcards); this assumes therefore that in a secure setup the
granted host must originate the attack for the target user.

Cheers

David



On Mon, 2012-06-11 at 19:46 +0100, Ewan Mellor wrote:
> Anyone who is using OpenStack with MySQL / MariaDB, please see this
> _extremely_ dangerous security vulnerability, announced on Saturday:
>
> https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
>
> Ewan.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : [email protected]
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
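
The host-ACL point in the message above can be checked against an account list. The following is an added example, not part of the original thread or of any project's code: it evaluates MySQL account host values (`%` and `_` wildcards, `base_ip/netmask` notation) against a source address to show which accounts would accept a login attempt from that source. The account rows, function names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample rows, shaped like the output of
# `SELECT user, host FROM mysql.user` (not data from the thread).
SAMPLE_ACCOUNTS = [
    ("root", "localhost"),
    ("nova", "10.0.0.5"),
    ("glance", "10.0.0.%"),
    ("keystone", "%"),
    ("backup", "192.168.1.0/255.255.255.0"),
]


def host_pattern_matches(pattern, client_ip):
    """True if a MySQL account host value admits client_ip.

    Assumption: only IP-based host values are evaluated; hostname
    patterns would need DNS and are matched literally here.
    """
    ip = ipaddress.ip_address(client_ip)
    if pattern == "localhost":
        return ip.is_loopback  # simplification: treat as loopback only
    if "/" in pattern:  # netmask notation: base_ip/netmask
        try:
            return ip in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    # LIKE-style wildcards: % is any run of characters, _ is exactly one.
    regex = "".join(
        ".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, client_ip) is not None


def accounts_reachable_from(accounts, client_ip):
    """Accounts whose host ACL would accept a login attempt from client_ip."""
    return [(u, h) for u, h in accounts if host_pattern_matches(h, client_ip)]


def wildcard_accounts(accounts):
    """Accounts whose host value contains a % or _ wildcard."""
    return [(u, h) for u, h in accounts if "%" in h or "_" in h]


if __name__ == "__main__":
    for src in ("10.0.0.7", "203.0.113.9"):
        print(src, accounts_reachable_from(SAMPLE_ACCOUNTS, src))
    print("wildcards:", wildcard_accounts(SAMPLE_ACCOUNTS))
```

Accounts returned for an address outside the intended client hosts are the ones to tighten first.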
