Уязвимость CVE-2012-5612: Информация

Описание

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Важность: MEDIUM (6,5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2012-5612
Опубликовано: 3 декабря 2012 г.
Изменено: 20 июля 2022 г.
Идентификатор типа ошибки: CWE-787

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
  • Mailing List
  • Third Party Advisory
23076
  • Exploit
  • Third Party Advisory
  • VDB Entry
20121201 MySQL (Linux) Heap Based Overrun PoC Zeroday
  • Exploit
  • Mailing List
  • Third Party Advisory
https://mariadb.atlassian.net/browse/MDEV-3908
  • Broken Link
  • Exploit
  • Patch
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
  • Mailing List
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
  • Vendor Advisory
USN-1703-1
  • Third Party Advisory
SUSE-SU-2013:0262
  • Mailing List
  • Third Party Advisory
MDVSA-2013:150
  • Broken Link
GLSA-201308-06
  • Third Party Advisory
MDVSA-2013:102
  • Broken Link
53372
  • Not Applicable
oval:org.mitre.oval:def:16960
  • Third Party Advisory

    1. Конфигурация 1

      cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:*
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      5.2.0
      End excliding
      5.2.14
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      5.3.0
      End excliding
      5.3.12
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End excliding
      5.5.29
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      5.1.0
      End excliding
      5.1.67

      Конфигурация 2

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End including
      5.5.28

      Конфигурация 3

      cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
      cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
      cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
      cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

      Конфигурация 4

      cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.5.3
Наверх