Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2012/Dec/58 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2012/Dec/83 | Exploit Mailing List Third Party Advisory |
http://seclists.org/oss-sec/2012/q4/424 | Mailing List Third Party Advisory |
http://secunia.com/advisories/53372 | Not Applicable |
http://security.gentoo.org/glsa/glsa-201308-06.xml | Patch Third Party Advisory VDB Entry |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=883719 | Patch Issue Tracking Third Party Advisory |
https://mariadb.atlassian.net/browse/MDEV-3915 | Broken Link Vendor Advisory |
Configurations
History
29 Aug 2022, 20:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:* |
18 May 2022, 15:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:* cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.5.24:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.9:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.7:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.5.23:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.8:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.10:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.12:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.5.25:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.11:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.2.13:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.5.27:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:* cpe:2.3:a:mariadb:mariadb:5.5.28:*:*:*:*:*:*:* |
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
References | (FULLDISC) http://seclists.org/fulldisclosure/2012/Dec/83 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=883719 - Patch, Issue Tracking, Third Party Advisory | |
References | (CONFIRM) https://mariadb.atlassian.net/browse/MDEV-3915 - Broken Link, Vendor Advisory | |
CWE | CWE-522 | |
First Time |
Oracle
Oracle mysql |
Information
Published : 2013-10-01 17:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-5627
Mitre link : CVE-2012-5627
CVE.ORG link : CVE-2012-5627
JSON object : View
Products Affected
oracle
- mysql
mariadb
- mariadb
CWE
CWE-522
Insufficiently Protected Credentials