Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-5615
Last Modified: 17 Oct 2014 02:39:11
Published: 03 Dec 2012 07:49:43
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5615

Summary

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Vulnerable Systems

Application

  • MariaDB 5.1.66
  • MariaDB 5.2.13
  • MariaDB 5.3.11
  • MariaDB 5.5.28a
  • Oracle MySQL 5.5.19

References

CONFIRM - https://mariadb.atlassian.net/browse/MDEV-3909

MLIST - [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

FULLDISC - 20121201 MySQL Remote Preauth User Enumeration Zeroday

SUSE - SUSE-SU-2013:0262

GENTOO - GLSA-201308-06

MANDRIVA - MDVSA-2013:102

SECUNIA - 53372

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html


Last Updated: 27 May 2016 11:01:25