1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
PublicDateAtUSN: 2012-12-03
Candidate: CVE-2012-5612
PublicDate: 2012-12-03
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612
http://seclists.org/fulldisclosure/2012/Dec/5
http://www.openwall.com/lists/oss-security/2012/12/02/4
http://www.openwall.com/lists/oss-security/2012/12/02/3
http://www.exploit-db.com/exploits/23076
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
http://www.ubuntu.com/usn/usn-1703-1
Description:
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions
through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows
remote authenticated users to cause a denial of service (memory corruption
and crash) and possibly execute arbitrary code, as demonstrated using
certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW
FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE,
(8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12)
SET PASSWORD commands.
Ubuntu-Description:
Notes:
https://launchpad.net/bugs/1100264
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695001
https://mariadb.atlassian.net/browse/MDEV-3908
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
Patches_mysql-5.5:
upstream_mysql-5.5: released (5.5.29)
hardy_mysql-5.5: DNE
lucid_mysql-5.5: DNE
oneiric_mysql-5.5: DNE
precise_mysql-5.5: released (5.5.29-0ubuntu0.12.04.1)
quantal_mysql-5.5: released (5.5.29-0ubuntu0.12.10.1)
devel_mysql-5.5: released (5.5.29-0ubuntu1)
|