Lucene search

K

PRIOn knowledge basePRION:CVE-2012-5627

HistoryOct 01, 2013 - 5:55 p.m.

Command injection

2013-10-0117:55:00

PRIOn knowledge base

www.prio-n.com

3

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CPENameOperatorVersion
mariadbeq10.0.0
mariadbge5.2.0
mariadblt5.2.14
mariadbge5.3.0
mariadblt5.3.12
mariadbge5.5.0
mariadblt5.5.29
mysqlge5.5.0
mysqllt5.5.29

References

seclists.org/fulldisclosure/2012/Dec/58

seclists.org/fulldisclosure/2012/Dec/83

seclists.org/oss-sec/2012/q4/424

secunia.com/advisories/53372

security.gentoo.org/glsa/glsa-201308-06.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:102

bugzilla.redhat.com/show_bug.cgi?id=883719

mariadb.atlassian.net/browse/MDEV-3915

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

Related for PRION:CVE-2012-5627

cve1 ubuntucve1 cvelist1 openvas4 mariadbunix1 cbl_mariner2 nessus11 nvd1 seebug1 altlinux1 freebsd1 gentoo1