Uploaded image for project: 'Percona Server for MySQL'
  1. Percona Server for MySQL
  2. PS-659

LP #1172090: Integrate patch from MariaDB MDEV-3915 into Percona Server

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None

      Description

      **Reported in Launchpad by Jaime Sicam last update 14-10-2013 09:59:53

      Percona Server is affected by this bug CVE-2012-5627 where if the intruder has a unprivileged MySQL account, he can do massive brute force login attacks on other user accounts. Testing this vulnerability is described further here: http://seclists.org/fulldisclosure/2012/Dec/58

      MariaDB has provided a solution which has been available in 5.5.29 - https://mariadb.atlassian.net/browse/MDEV-3915
      It maybe best to implement MariaDB's solution or a custom solution to solve this bug on Percona Server.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            lpjirasync lpjirasync (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Smart Checklist