CVSS2: 6.5 Medium (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.002 Low (Percentile: 53.7%)

Multiple SQL injection vulnerabilities in the replication code in Oracle
MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x
through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote
authenticated users to execute arbitrary SQL commands via vectors related
to the binary log. NOTE: as of 20130116, Oracle has not commented on claims
from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Author | Note |
---|---|
jdstrand | mysql-cluster-7.0 not supported per Ubuntu Server team. As of 2012/01/09, Oracle no longer supports MySQL 5.0. Unfortunately, because of upstream update and commit policies it is not possible to backport patches from later releases. Ubuntu is regrettably unable to support MySQL 5.0 and users are encouraged to upgrade to Ubuntu 10.04 LTS or later. |
mdeslaur | incomplete fix in 5.5.29, see: http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ |
jdstrand | watch for fix in 5.5.31. Debian released 5.5.30+dfsg-1 claiming to have fixed this issue as of 2013-03-25, no complete fix from upstream |
seth-arnold | Not actually fixed in 1807-1 – my mistake |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.10 | noarch | mysql-5.1 | < 5.1.69-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | mysql-5.5 | < 5.5.31-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | mysql-5.5 | < 5.5.31-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | mysql-5.5 | < 5.5.31-0ubuntu0.13.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | mysql-dfsg-5.1 | < 5.1.69-0ubuntu0.10.04.1 | UNKNOWN |