MariaDB fixes zero day vulnerability in MySQL
A recently published security vulnerability in the MySQL open source database has been met with fixes by the developers of the open source MariaDB fork. The updates take care of the CVE 2012-5579 buffer overflow problem, which an attacker could use to crash the database server or execute arbitrary shell code with the same privileges as the database process. The MariaDB developers say that another vulnerability (CVE 2012-5611), despite being reported separately, is just a duplicate of CVE 2012-5579.
They also suggest that a third problem (CVE 2012-5613) is not actually a bug in the database's code, but is documented server behaviour that can only be exploited in the case of misconfiguration. The issue here is the
FILE privilege, which allows users to upload files to the database or to use MySQL to store them in a local filesystem. The manual says that, at most, database administrators should have this privilege. Sergei Golubchik, MariaDB's security expert, also points out that the
--secure-file-priv server option can be used to limit file operations to one directory.
On the other hand, the MariaDB developers did confirm the CVEs 2012-5612 (heap overrun) and 2012-5614 (denial of service via a manipulated communication packet). But then they also note that a supposed zero day vulnerability that enumerates MySQL users has been known about for ten years.
MariaDB versions 5.1, 5.2, 5.3 and 5.5, in which CVE 2012-5579 is fixed, are available for download. MySQL provider Oracle has yet to confirm the vulnerabilities, much less provide updated software.