oss-sec mailing list archives
Re: CVE Request: MySQL: MyISAM temporary file issue
From: Ritwik Ghoshal <ritwik.ghoshal () oracle com>
Date: Wed, 10 Sep 2014 10:28:53 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please use CVE-2014-4274 for this issue. Please send an email to secalert_us () oracle com to contact Oracle for any security vulnerability related issues. More information is available at - http://www.oracle.com/us/support/assurance/vulnerability-remediation/reporting-security-vulnerabilities/index.html Thanks, - -Ritwik On 9/10/2014 10:15 AM, Ritwik Ghoshal wrote:
I'll look into this and get back to you shortly. Thanks, -Ritwik On 9/10/2014 9:29 AM, Kurt Seifried wrote:Technically speaking Oracle is a CNA and should be handling this, I have no idea how to contact them though, Mitre, can you guys reach out to them? Also does this affect MariaDB?On 10/09/14 10:00 AM, Salvatore Bonaccorso wrote:Hi The changes for MySQL 5.5.39[1] and 5.6.20[2] contain a reference to the following issue, which could be exploited by a local user to run arbitrary code in context of the mysqld server. MyISAM temporary files could be used to mount a code-execution attack. (Bug #18045646). This is also tracked in[3] and [4] mentioning as relevant fix [5]. Was a CVE already requested for this issue? If not, could one be assigned? Regards, Salvatore [1] https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html [2] https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-20.html [3] https://bugzilla.redhat.com/show_bug.cgi?id=1126271 [4] https://bugs.gentoo.org/show_bug.cgi?id=518718 [5] https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUEIpRAAoJEB1zxS9196oudt4IAKDHu+phcRPSlXzXgjRMm5Tp Viv7ejTo2wANPK6hAD7/7aBjb2qAMvtY2HXUtm8spqA5199pV2mGSS7ItuQFBOCc FE0AKnPg6CoDZKe1hVhjOHveZiBJkKpGYOs74bxwhu1acPlF/oq38CWAV7yb8pjo 74Nuc+JErZGCIEVNJXpgrQMfHJ1OS8VbWCEtOkgLpU8fNBlwR9jMQQtlOqAv+PEB OA3nE5guX6CtHGCKa4YaMVmWh0au/q72R3fONP1WwAYrXjlBznovCdE9sZjzw1Np 01/51rso0ranMYN76h6DCztD6bQKVWJaDSOoGOJyD234EcF4DUb642ch9OAp+3A= =Qule -----END PGP SIGNATURE-----
Current thread:
- CVE Request: MySQL: MyISAM temporary file issue Salvatore Bonaccorso (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Marc Deslauriers (Sep 16)
- Re: CVE Request: MySQL: MyISAM temporary file issue Henri Salo (Sep 16)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)