Important Security Fix for a Buffer Overflow Bug: MariaDB 5.5.28a, 5.3.11, 5.2.13 and 5.1.66 include a fix for CVE-2012-5579, a vulnerability that allowed an authenticated user to crash MariaDB server or to execute arbitrary code with the privileges of the mysqld process. This is a serious security issue. We recommend upgrading from older versions as soon as possible.
MariaDB 5.5.28a, 5.3.11, 5.2.13 and 5.1.66 (GA) binaries, packages, and source tarballs are now available for download from http://downloads.mariadb.org. So you can upgrade within your own major series.
Note that while this fix has just been published, some other vulnerabilities have been noted over the weekend also. Below a summary of these other CVEs as documented by Red Hat Security Response Team, with annotations by Sergei Gulubchik who is the Security Coordinator for MariaDB.
- CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
Duplicate of CVE-2012-5579 and already fixed in all stable MariaDB versions as indicated above.
- CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
Acknowledged by MariaDB security team, https://mariadb.atlassian.net/browse/MDEV-3908
- CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday Exploit
Not a bug. MySQL manual specifies many times very explicitly [regarding granting access of the FILE privilege]. Thus, CVE-2012-5613 is not a bug, but a result of a misconfiguration, much like an anonymous ftp upload access to the $HOME of the ftp user.
- CVE-2012-5614 MySQL Denial of Service Zeroday PoC
Acknowledged by MariaDB security team, https://mariadb.atlassian.net/browse/MDEV-3910
- CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday
Acknowledged as an old and well known fact. “This is hardly a “zeroday” issue, it was known for, like, ten years.” But I’ll see what we can do here, https://mariadb.atlassian.net/browse/MDEV-3909
See http://seclists.org/oss-sec/2012/q4/388 for Sergei’s full response.
Note that stock MySQL is also affected – in this post we’re just referring to the specific MariaDB fixes/releases/responses. It appears that Oracle has not yet made any releases for this security issue, which is unfortunate as the issues have been published and can therefore be easily exploited by malicious users. In the same thread referenced above it is stated that Oracle has been made aware of the issues so a fix should be forthcoming for people who use stock MySQL also.
Naturally these security advisories also affect anyone still running a 5.0 OurDelta or early 5.1 OurDelta version. Please upgrade urgently to the latest MariaDB 5.1 (5.1.66) or above. If you require any assistance with this, please contact Open Query. This advisory is also noted on the front page of ourdelta.org.