Vulnerabilities > CVE-2012-0115 - Remote vulnerability in Oracle MySQL

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
mysql
oracle
nessus

Summary

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Configurations

Part Description Count
Application
Mysql
6
Application
Oracle
87

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201308-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201308-06 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id69508
    published2013-08-30
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69508
    titleGLSA-201308-06 : MySQL: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-274.NASL
    descriptionmariadb update to version 5.2.12 fixes several security issues and bugs. Please refer to the following upstream announcements for details : http://kb.askmonty.org/v/mariadb-5212-release-notes http://kb.askmonty.org/v/mariadb-5211-release-notes http://kb.askmonty.org/v/mariadb-5210-release-notes
    last seen2020-06-05
    modified2014-06-13
    plugin id74624
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74624
    titleopenSUSE Security Update : mariadb (openSUSE-2012-274)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0105.NASL
    descriptionFrom Red Hat Security Advisory 2012:0105 : Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492) These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes for a full list of changes : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68453
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68453
    titleOracle Linux 6 : mysql (ELSA-2012-0105)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-273.NASL
    descriptionmysql update to version 5.5.23 fixes several security issues and bugs. Please refer to the following upstream announcements for details : - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-16.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-17.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-18.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-19.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
    last seen2020-06-05
    modified2014-06-13
    plugin id74623
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74623
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2012-273)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1397-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.ht ml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58325
    published2012-03-13
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58325
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-0987.NASL
    descriptionUpdate to MySQL 5.5.20, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html as well as security fixes described at http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-13
    plugin id57899
    published2012-02-13
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57899
    titleFedora 15 : mysql-5.5.20-1.fc15 (2012-0987)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL14410.NASL
    descriptionFor BIG-IP systems using the MySQL database, the following MySQL vulnerabilities may allow local users to gain knowledge of sensitive information, manipulate certain data, or cause a Denial of Service (DoS):CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115 CVE-2012-0116 CVE-2012-0117 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0486 CVE-2012-0487 CVE-2012-0488 CVE-2012-0489 CVE-2012-0490 CVE-2012-0491 CVE-2012-0492 CVE-2012-0493 CVE-2012-0494 CVE-2012-0495 CVE-2012-0496 For Enterprise Manager systems, the following MySQL vulnerability may also allow remote users to gain knowledge of sensitive information, manipulate certain data, or cause a DoS : CVE-2011-2262
    last seen2020-06-01
    modified2020-06-02
    plugin id78149
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78149
    titleF5 Networks BIG-IP : Multiple MySQL vulnerabilities (K14410)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-44.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2011-2262 , CVE-2012-0075 , CVE-2012-0087 , CVE-2012-0101 , CVE-2012-0102 , CVE-2012-0112 , CVE-2012-0113 , CVE-2012-0114 , CVE-2012-0115 , CVE-2012-0116 , CVE-2012-0118 , CVE-2012-0119 , CVE-2012-0120 , CVE-2012-0484 , CVE-2012-0485 , CVE-2012-0490 , CVE-2012-0492) These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes for a full list of changes :
    last seen2020-06-01
    modified2020-06-02
    plugin id69651
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69651
    titleAmazon Linux AMI : mysql (ALAS-2012-44)
  • NASL familyDatabases
    NASL idMYSQL_5_5_20.NASL
    descriptionThe version of MySQL 5.5 installed on the remote host is earlier than 5.5.20. Such versions are affected by multiple, as yet unspecified vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id57606
    published2012-01-19
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57606
    titleMySQL 5.5 < 5.5.20 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2429.NASL
    descriptionDue to the non-disclosure of security patch information from Oracle, we are forced to ship an upstream version update of MySQL 5.1. There are several known incompatible changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz. Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes at: .
    last seen2020-03-17
    modified2012-03-08
    plugin id58277
    published2012-03-08
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58277
    titleDebian DSA-2429-1 : mysql-5.1 - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0105.NASL
    descriptionUpdated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492) These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes for a full list of changes : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-04-16
    modified2012-02-09
    plugin id57871
    published2012-02-09
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57871
    titleRHEL 6 : mysql (RHSA-2012:0105)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120208_MYSQL_ON_SL6_X.NASL
    descriptionMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492) These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes for a full list of changes : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2012-08-01
    plugin id61239
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61239
    titleScientific Linux Security Update : mysql on SL6.x i386/x86_64 (20120208)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-0972.NASL
    description - Update to MySQL 5.5.20, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html as well as security fixes described at http://www.oracle.com/technetwork/topics/security/cpujan 2012-366304.html - Re-include the mysqld logrotate script, now that it
    last seen2020-03-17
    modified2012-02-09
    plugin id57865
    published2012-02-09
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57865
    titleFedora 16 : mysql-5.5.20-1.fc16 (2012-0972)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0105.NASL
    descriptionUpdated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492) These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes for a full list of changes : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id57878
    published2012-02-10
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57878
    titleCentOS 6 : mysql (CESA-2012:0105)
  • NASL familyDatabases
    NASL idMYSQL_5_1_61.NASL
    descriptionThe version of MySQL 5.1 installed on the remote host is earlier than 5.1.61. Such versions are affected by multiple, as yet unspecified vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id57605
    published2012-01-19
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57605
    titleMySQL 5.1 < 5.1.61 Multiple Vulnerabilities

Redhat

rpms
  • mysql-0:5.1.61-1.el6_2.1
  • mysql-bench-0:5.1.61-1.el6_2.1
  • mysql-debuginfo-0:5.1.61-1.el6_2.1
  • mysql-devel-0:5.1.61-1.el6_2.1
  • mysql-embedded-0:5.1.61-1.el6_2.1
  • mysql-embedded-devel-0:5.1.61-1.el6_2.1
  • mysql-libs-0:5.1.61-1.el6_2.1
  • mysql-server-0:5.1.61-1.el6_2.1
  • mysql-test-0:5.1.61-1.el6_2.1