Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.5
CVE Id: CVE-2012-4414
Last Modified: 05 Dec 2013 12:17:42
Published: 22 Jan 2013 06:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-4414

Summary

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Vulnerable Systems

Application

  • Mariadb 5.1.41

  • Mariadb 5.1.42

  • Mariadb 5.1.44

  • Mariadb 5.1.47

  • Mariadb 5.1.49

  • Mariadb 5.1.50

  • Mariadb 5.1.51

  • Mariadb 5.1.53

  • Mariadb 5.1.55

  • Mariadb 5.1.60

  • Mariadb 5.1.61

  • Mariadb 5.1.62

  • Mariadb 5.2.0

  • Mariadb 5.2.1

  • Mariadb 5.2.10

  • Mariadb 5.2.11

  • Mariadb 5.2.12

  • Mariadb 5.2.2

  • Mariadb 5.2.3

  • Mariadb 5.2.4

  • Mariadb 5.2.5

  • Mariadb 5.2.6

  • Mariadb 5.2.7

  • Mariadb 5.2.8

  • Mariadb 5.2.9

  • Mariadb 5.3.0

  • Mariadb 5.3.1

  • Mariadb 5.3.2

  • Mariadb 5.3.3

  • Mariadb 5.3.4

  • Mariadb 5.3.5

  • Mariadb 5.3.6

  • Mariadb 5.3.7

  • Mariadb 5.5.20

  • Mariadb 5.5.21

  • Mariadb 5.5.22

  • Mariadb 5.5.23

  • Mariadb 5.5.24

  • Mariadb 5.5.25

  • Oracle Mysql 5.1.51

  • Oracle Mysql 5.1.52

  • Oracle Mysql 5.1.53

  • Oracle Mysql 5.1.54

  • Oracle Mysql 5.1.55

  • Oracle Mysql 5.1.56

  • Oracle Mysql 5.1.57

  • Oracle Mysql 5.1.58

  • Oracle Mysql 5.1.59

  • Oracle Mysql 5.1.60

  • Oracle Mysql 5.1.61

  • Oracle Mysql 5.1.62

  • Oracle Mysql 5.1.63

  • Oracle Mysql 5.1.64

  • Oracle Mysql 5.1.65

  • Oracle Mysql 5.1.66

  • Oracle Mysql 5.1.67

  • Oracle Mysql 5.5.10

  • Oracle Mysql 5.5.11

  • Oracle Mysql 5.5.12

  • Oracle Mysql 5.5.13

  • Oracle Mysql 5.5.14

  • Oracle Mysql 5.5.15

  • Oracle Mysql 5.5.16

  • Oracle Mysql 5.5.17

  • Oracle Mysql 5.5.18

  • Oracle Mysql 5.5.19

  • Oracle Mysql 5.5.20

  • Oracle Mysql 5.5.21

  • Oracle Mysql 5.5.22

  • Oracle Mysql 5.5.23

  • Oracle Mysql 5.5.24

  • Oracle Mysql 5.5.25

  • Oracle Mysql 5.5.26

  • Oracle Mysql 5.5.27

  • Oracle Mysql 5.5.28


References

CONFIRM - https://mariadb.atlassian.net/browse/MDEV-382

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=852144

BID - 55498

MLIST - [oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB

MISC - http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/

MISC - http://bugs.mysql.com/bug.php?id=66550

SUSE - openSUSE-SU-2013:0156

SUSE - openSUSE-SU-2013:0135

SUSE - openSUSE-SU-2013:0014

SUSE - openSUSE-SU-2013:0011

MANDRIVA - MDVSA-2013:150

MANDRIVA - MDVSA-2013:102


Last Updated: 27 May 2016 10:51:50