Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2012-4414
HistoryJan 22, 2013 - 12:00 a.m.

CVE-2012-4414

2013-01-2200:00:00
ubuntu.com
ubuntu.com
15

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.7%

JSON

Multiple SQL injection vulnerabilities in the replication code in Oracle
MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x
through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote
authenticated users to execute arbitrary SQL commands via vectors related
to the binary log. NOTE: as of 20130116, Oracle has not commented on claims
from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Bugs

Notes

Author Note
jdstrand mysql-cluster-7.0 not supported per Ubuntu Server team As of 2012/01/09, Oracle no longer supports MySQL 5.0. Unfortunately, because of upstream update and commit policies it is not possible to backport patches from later releases. Ubuntu is regrettably unable to support MySQL 5.0 and users are encouraged to upgrade to Ubuntu 10.04 LTS or later.
mdeslaur incomplete fix in 5.5.29, see: http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
jdstrand watch for fix in 5.5.31 Debian released 5.5.30+dfsg-1 claiming to have fixed this issue as of 2013-03-25, no complete fix from upstream
seth-arnold Not actually fixed in 1807-1 – my mistake
OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchmysql-5.1< 5.1.69-0ubuntu0.11.10.1UNKNOWN
ubuntu12.04noarchmysql-5.5< 5.5.31-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchmysql-5.5< 5.5.31-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchmysql-5.5< 5.5.31-0ubuntu0.13.04.1UNKNOWN
ubuntu10.04noarchmysql-dfsg-5.1< 5.1.69-0ubuntu0.10.04.1UNKNOWN

Related

prion 1
mariadbunix 1
cvelist 1
nessus 13
cve 1
nvd 1
suse 4
openvas 7
freebsd 1
oracle 1
prion
prion
Sql injection
2013-01-22 23:55:00
mariadbunix
mariadbunix
CVE-2012-4414
2013-01-22 23:55:02
cvelist
cvelist
CVE-2012-4414
2013-01-22 23:00:00
nessus
nessus
MySQL Binary Log SQL Injection
2013-02-08 00:00:00
MariaDB 5.3.0 < 5.3.8
2022-11-18 00:00:00
MariaDB Binary Log SQL Injection
2013-02-08 00:00:00
cve
cve
CVE-2012-4414
2013-01-22 23:55:02
nvd
nvd
CVE-2012-4414
2013-01-22 23:55:02
suse
suse
mariadb to 5.1.66 (important)
2013-01-23 14:06:17
mariadb to 5.2.13 (important)
2013-01-07 17:09:18
mysql-community-server: updated to 5.1.67 (important)
2013-01-23 14:05:08
openvas
openvas
SuSE Update for mariadb openSUSE-SU-2013:0011-1 (mariadb)
2013-03-11 00:00:00
openSUSE: Security Advisory for mariadb (openSUSE-SU-2013:0011-1)
2013-03-11 00:00:00
openSUSE: Security Advisory for mariadb (openSUSE-SU-2013:0014-1)
2013-03-11 00:00:00
freebsd
freebsd
mysql/mariadb/percona server -- multiple vulnerabilities
2012-12-01 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2013
2013-01-15 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.7%

JSON
Related for UB:CVE-2012-4414
prion1mariadbunix1cvelist1nessus13cve1nvd1suse4openvas7freebsd1oracle1