vulnerable to MITM attack which would allow exfiltration of MySQL configuration information via --version-check

Bug #1408375 reported by David Busby
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Percona Toolkit (moved to https://jira.percona.com/projects/PT) | Fix Released | High | Frank Cizmich | |
| Percona XtraBackup (moved to https://jira.percona.com/projects/PXB) | Fix Released | High | Alexey Kopytov | |
| 2.2 | Fix Released | High | Alexey Kopytov | |
| 2.3 | Fix Released | High | Alexey Kopytov | |

Bug Description

An issue exists within percona-toolkit which allows for the disclosure of MySQL configuration information during a MITM attack against the version-check functionality.

P.O.C exists for this issue and has been circulated internally; this bug serves as the tracker for this issue at this time and will be updated with relevant information.

CVE-2015-1027

Changed in percona-toolkit:
status: New → In Progress
milestone: none → 2.2.13
assignee: nobody → Frank Cizmich (frank-cizmich)
importance: Undecided → High
David Busby (d-busby) wrote :

CVE-2015-1027 has been reserved as an identifier for this issue

description: updated
Changed in percona-toolkit:
status: In Progress → Fix Committed
Changed in percona-toolkit:
status: Fix Committed → Fix Released
David Busby (d-busby) wrote :

This needs to be marked against the correct xtrabackup project also

no longer affects: percona-xtrabackup (Ubuntu)
affects: percona-xtrabackup (Ubuntu) → percona-xtrabackup
Changed in percona-xtrabackup:
importance: Undecided → High
assignee: nobody → Alexey Kopytov (akopytov)
information type: Private Security → Public
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-418

Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PT-385
