CVE-2012-5612

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2012/Dec/5 Exploit Mailing List Third Party Advisory
http://secunia.com/advisories/53372 Not Applicable
http://security.gentoo.org/glsa/glsa-201308-06.xml Third Party Advisory
http://www.exploit-db.com/exploits/23076 Exploit Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 Broken Link
http://www.openwall.com/lists/oss-security/2012/12/02/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/02/4 Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Vendor Advisory
http://www.ubuntu.com/usn/USN-1703-1 Third Party Advisory
https://mariadb.atlassian.net/browse/MDEV-3908 Broken Link Exploit Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16960 Third Party Advisory
Configurations

Configuration 1

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

History

21 Nov 2024, 01:44

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2012/Dec/5 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2012/Dec/5 - Exploit, Mailing List, Third Party Advisory
References () http://secunia.com/advisories/53372 - Not Applicable () http://secunia.com/advisories/53372 - Not Applicable
References () http://security.gentoo.org/glsa/glsa-201308-06.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-201308-06.xml - Third Party Advisory
References () http://www.exploit-db.com/exploits/23076 - Exploit, Third Party Advisory, VDB Entry () http://www.exploit-db.com/exploits/23076 - Exploit, Third Party Advisory, VDB Entry
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 - Broken Link
References () http://www.openwall.com/lists/oss-security/2012/12/02/3 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2012/12/02/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2012/12/02/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2012/12/02/4 - Mailing List, Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html - Vendor Advisory () http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html - Vendor Advisory
References () http://www.ubuntu.com/usn/USN-1703-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-1703-1 - Third Party Advisory
References () https://mariadb.atlassian.net/browse/MDEV-3908 - Broken Link, Exploit, Patch () https://mariadb.atlassian.net/browse/MDEV-3908 - Broken Link, Exploit, Patch
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16960 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16960 - Third Party Advisory

Information

Published : 2012-12-03 12:49

Updated : 2024-11-21 01:44


NVD link : CVE-2012-5612

Mitre link : CVE-2012-5612

CVE.ORG link : CVE-2012-5612


Products Affected

mariadb

  • mariadb

suse

  • linux_enterprise_software_development_kit
  • linux_enterprise_server
  • linux_enterprise_desktop

canonical

  • ubuntu_linux

oracle

  • mysql
CWE
CWE-787

Out-of-bounds Write