Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5612

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-5612
Last Modified 20 Feb 2014 11:55:26
Published 03 Dec 2012 07:49:43
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5612

Summary

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Vulnerable Systems

Application

  • Mariadb 5.5.28a

  • Oracle Mysql 5.5.19


References

CONFIRM - https://mariadb.atlassian.net/browse/MDEV-3908

MLIST - [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

EXPLOIT-DB - 23076

FULLDISC - 20121201 MySQL (Linux) Heap Based Overrun PoC Zeroday

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

UBUNTU - USN-1703-1

SUSE - SUSE-SU-2013:0262

MANDRIVA - MDVSA-2013:150

GENTOO - GLSA-201308-06

MANDRIVA - MDVSA-2013:102

SECUNIA - 53372


Last Updated: 27 May 2016 10:55:13