[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] MySQL 0-day - does it need a CVE?
From:       Larry Stefonic <larry () yassl ! com>
Date:       2012-02-24 23:04:53
Message-ID: FF4D7923-ADBD-4843-84E3-53D3EDEC9DD3 () yassl ! com
[Download RAW message or body]


Kurt,

Thanks for the cc.  We're looking into the issue.

LS

Larry Stefonic
www.yassl.com
Skype:  Stefonic
http://twitter.com/CyaSSL
+1 206 369 4800

On Feb 24, 2012, at 12:28 PM, Kurt Seifried wrote:

> On 02/24/2012 03:11 AM, Tomas Hoger wrote:
>> On Thu, 09 Feb 2012 10:20:14 -0700 Kurt Seifried wrote:
>> 
>>> https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
>> 
>> ...
>> 
>>> We are releasing a working MySQL 5.5.20 remote 0day exploit with this
>>> update.The exploit has been tested with
>>> mysql-5.5.20-debian6.0-i686.deb on Debian 6.0.
>> 
>> Note also:
>> 
>> https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html
>> http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov
>> 
>> According to the video, it should be "yassl buffer overflow".
>> 
> 
> Ok according to the video:
> 
> This vulnerability affects the yaSSL authentication portion (so SSL
> certificate based authentication of clients).
> 
> This attack is "reliable", usually works on the first try, but if it
> fails it will DoS MySQL and MySQL will require a restart.
> 
> So it sounds like this might actually be a yaSSL vulnerability and not
> specific to MySQL. CC'ing support@yassl.com so they are aware of this
> potential issue.
> 
> Please use CVE-2012-0882 for this issue.
> 
> -- 
> Kurt Seifried Red Hat Security Response Team (SRT)
> 



[prev in list] [next in list] [prev in thread] [next in thread]