oss-sec mailing list archives
Re: MySQL 0-day - does it need a CVE?
From: Solar Designer <solar () openwall com>
Date: Fri, 10 Feb 2012 00:36:46 +0400
On Thu, Feb 09, 2012 at 10:09:44PM +0200, Henri Salo wrote:
Oracle MySQL Server CVE-2012-0492 Remote MySQL Server Vulnerability ??? http://www.securityfocus.com/bid/51516
Why this one? The table at the bottom of: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html lists 27 MySQL vulnerabilities, all with CVE IDs and CVSS scoring - but little other info. CVE-2012-0492 is one of them, but it does not stand out. (And I have no idea what it actually is, just like I have no idea about the remaining 26.) "This Critical Patch Update contains 27 new security fixes for Oracle MySQL. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password." That one is CVE-2011-2262, but per CVSS scoring it's just a DoS. I wish we had more info. Alexander
Current thread:
- MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 10)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 11)
- Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 24)
- Re: MySQL 0-day - does it need a CVE? Larry Stefonic (Feb 24)