Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0882

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-0882
Last Modified 21 Dec 2012 12:00:00
Published 21 Dec 2012 12:46:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0882

Summary

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Vulnerable Systems

Application

  • Mysql 5.1

  • Mysql 5.1.1

  • Mysql 5.1.10

  • Mysql 5.1.11

  • Mysql 5.1.12

  • Mysql 5.1.13

  • Mysql 5.1.14

  • Mysql 5.1.15

  • Mysql 5.1.16

  • Mysql 5.1.17

  • Mysql 5.1.18

  • Mysql 5.1.19

  • Mysql 5.1.2

  • Mysql 5.1.20

  • Mysql 5.1.21

  • Mysql 5.1.22

  • Mysql 5.1.23

  • Mysql 5.1.23 Bk

  • Mysql 5.1.23a

  • Mysql 5.1.24

  • Mysql 5.1.25

  • Mysql 5.1.26

  • Mysql 5.1.27

  • Mysql 5.1.28

  • Mysql 5.1.29

  • Mysql 5.1.3

  • Mysql 5.1.30

  • Mysql 5.1.31

  • Mysql 5.1.32

  • Mysql 5.1.32-bzr

  • Mysql 5.1.33

  • Mysql 5.1.34

  • Mysql 5.1.35

  • Mysql 5.1.36

  • Mysql 5.1.37

  • Mysql 5.1.38

  • Mysql 5.1.39

  • Mysql 5.1.4

  • Mysql 5.1.40

  • Mysql 5.1.41

  • Mysql 5.1.42

  • Mysql 5.1.43

  • Mysql 5.1.44

  • Mysql 5.1.45

  • Mysql 5.1.46

  • Mysql 5.1.47

  • Mysql 5.1.48

  • Mysql 5.1.49

  • Mysql 5.1.5

  • Mysql 5.1.50

  • Mysql 5.1.5a

  • Mysql 5.1.6

  • Mysql 5.1.7

  • Mysql 5.1.8

  • Mysql 5.1.9

  • Mysql 5.5.0

  • Mysql 5.5.1

  • Mysql 5.5.2

  • Mysql 5.5.3

  • Mysql 5.5.4

  • Mysql 5.5.5

  • Mysql 5.5.6

  • Mysql 5.5.7

  • Mysql 5.5.8

  • Mysql 5.5.9

  • Oracle Mysql 5.1.51

  • Oracle Mysql 5.1.52

  • Oracle Mysql 5.1.53

  • Oracle Mysql 5.1.54

  • Oracle Mysql 5.1.55

  • Oracle Mysql 5.1.56

  • Oracle Mysql 5.1.57

  • Oracle Mysql 5.1.58

  • Oracle Mysql 5.1.59

  • Oracle Mysql 5.1.60

  • Oracle Mysql 5.1.61

  • Oracle Mysql 5.5.10

  • Oracle Mysql 5.5.11

  • Oracle Mysql 5.5.12

  • Oracle Mysql 5.5.13

  • Oracle Mysql 5.5.14

  • Oracle Mysql 5.5.15

  • Oracle Mysql 5.5.16

  • Oracle Mysql 5.5.17

  • Oracle Mysql 5.5.18

  • Oracle Mysql 5.5.19

  • Oracle Mysql 5.5.20

  • Oracle Mysql 5.5.21


References

MLIST - [Canvas] 20120223 VulnDisco MySQL 0day

MLIST - [Canvas] 20120207 VulnDisco Pack Professional 9.17

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=789141

MISC - https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability

MLIST - [oss-security] 20120224 Re: MySQL 0-day - does it need a CVE?


Last Updated: 27 May 2016 11:01:29