Thanks Ewan,

Please note my findings on this CVE and feel free to correct / reply with anything I have missed.

I've found in my tests of this CVE today that Percona 55-5.5.24 is not vulnerable (http://repo.percona.com/centos/6/os/x86_64/Percona-Server-server-55-5.5.24-rel26.0.256.rhel6.x86_64.rpm), whilst MySQL v 5.5.23 is (5.5.23-1 on FC17); as such it appears Percona is not vulnerable to this attack, though I am unsure from which version onward; rdp as the changelog was last updated in Feb 2011 ...

Also in testing I found that host ACLs can differ this issue, in that to exploit this issue you must use a valid user@host (unless of course there are wildcards); this assumes therefore in a secure setup the granted host must originate the attack for the target user.

Cheers
David

On Mon, 2012-06-11 at 19:46 +0100, Ewan Mellor wrote:
> Anyone who is using OpenStack with MySQL / MariaDB, please see this
> _extremely_ dangerous security vulnerability, announced on Saturday:
>
> https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
>
> Ewan.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
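The host-ACL point in the message above (a valid user@host is required unless wildcards are granted) can be checked on a deployment by listing which accounts a given client address could match. This is an added example, not part of the original thread: the account rows are constructed, the function names are hypothetical, and the matcher is a simplified model of MySQL host values (`%` and `_` wildcards, `ip/netmask` form, empty host treated as `%`) with no escape handling or DNS resolution.

```python
import ipaddress
import re

# Constructed sample rows in the shape of `SELECT user, host FROM mysql.user`.
SAMPLE_ACCOUNTS = [
    ("nova", "10.0.0.5"),
    ("glance", "10.0.0.%"),
    ("keystone", "%"),
    ("root", "localhost"),
    ("backup", "192.0.2.0/255.255.255.0"),
    ("legacy", ""),
]


def host_pattern_matches(pattern, client):
    """Return True if an account host value would match the client host/IP."""
    if pattern == "":
        pattern = "%"  # an empty host value behaves like '%'
    if "/" in pattern:  # ip/netmask form
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(client) in net
        except ValueError:
            return False  # client is a hostname, or the pattern is malformed
    # '%' matches any run of characters and '_' exactly one, as in LIKE.
    regex = "".join(
        ".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, client, re.IGNORECASE) is not None


def is_wildcard(pattern):
    """True when the host value admits more than one literal client."""
    return pattern == "" or any(c in pattern for c in "%_/")


def audit(accounts, client):
    """List (user, host, wildcard?) for every account reachable from client."""
    return [
        (user, host, is_wildcard(host))
        for user, host in accounts
        if host_pattern_matches(host, client)
    ]


if __name__ == "__main__":
    for source in ("10.0.0.5", "203.0.113.9"):
        print(source, audit(SAMPLE_ACCOUNTS, source))
```

Rows flagged as wildcard for an address outside the expected application hosts are the grants to tighten first.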