Vulnerabilities > CVE-2012-5614

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
mariadb
redhat
nessus
exploit available

Summary

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

Vulnerable Configurations

Part Description Count
Application
Oracle
121
Application
Mariadb
12
OS
Redhat
5

Exploit-Db

descriptionMySQL - Denial of Service PoC (0day). CVE-2012-5614. Dos exploit for linux platform
idEDB-ID:23078
last seen2016-02-02
modified2012-12-02
published2012-12-02
reporterkingcope
sourcehttps://www.exploit-db.com/download/23078/
titleMySQL - Denial of Service PoC 0day

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201308-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201308-06 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id69508
    published2013-08-30
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69508
    titleGLSA-201308-06 : MySQL: Multiple vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_1_69.NASL
    descriptionThe version of MySQL 5.1 installed on the remote host is earlier than 5.1.69 and is, therefore, potentially affected by vulnerabilities in the following components : - Data Manipulation Language - Information Schema - InnoDB - Server - Server Install - Server Locking - Server Optimizer - Server Options - Server Partition - Server Privileges - Server Types - Server XML
    last seen2020-06-01
    modified2020-06-02
    plugin id66177
    published2013-04-22
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66177
    titleMySQL 5.1 < 5.1.69 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0772.NASL
    descriptionUpdated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392) These updated packages upgrade MySQL to version 5.1.69. Refer to the MySQL release notes listed in the References section for a full list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id66257
    published2013-04-30
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66257
    titleCentOS 6 : mysql (CESA-2013:0772)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-187.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id69746
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69746
    titleAmazon Linux AMI : mysql55 (ALAS-2013-187)
  • NASL familyDatabases
    NASL idMYSQL_5_5_31.NASL
    descriptionThe version of MySQL 5.5 installed on the remote host is earlier than 5.5.31 and is, therefore, potentially affected by vulnerabilities in the following components : - Data Manipulation Language - Information Schema - InnoDB - Prepared Statements - Server - Server Install - Server Locking - Server Options - Server Optimizer - Server Partition - Server Privileges - Server Replication - Server XML - Stored Procedure
    last seen2020-06-01
    modified2020-06-02
    plugin id66178
    published2013-04-22
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66178
    titleMySQL 5.5 < 5.5.31 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0772.NASL
    descriptionUpdated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392) These updated packages upgrade MySQL to version 5.1.69. Refer to the MySQL release notes listed in the References section for a full list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id66225
    published2013-04-26
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66225
    titleRHEL 6 : mysql (RHSA-2013:0772)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0772.NASL
    descriptionFrom Red Hat Security Advisory 2013:0772 : Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392) These updated packages upgrade MySQL to version 5.1.69. Refer to the MySQL release notes listed in the References section for a full list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68817
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68817
    titleOracle Linux 6 : mysql (ELSA-2013-0772)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130425_MYSQL_ON_SL6_X.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. (CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392) These updated packages upgrade MySQL to version 5.1.69. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2013-04-26
    plugin id66229
    published2013-04-26
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66229
    titleScientific Linux Security Update : mysql on SL6.x i386/x86_64 (20130425)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-186.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id69745
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69745
    titleAmazon Linux AMI : mysql51 (ALAS-2013-186)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/118553/mysql-dos.txt
idPACKETSTORM:118553
last seen2016-12-05
published2012-12-03
reporterKingcope
sourcehttps://packetstormsecurity.com/files/118553/Oracle-MySQL-5.5.19-log-Denial-Of-Service.html
titleOracle MySQL 5.5.19-log Denial Of Service

Redhat

advisories
rhsa
idRHSA-2013:0772
rpms
  • mysql-0:5.1.69-1.el6_4
  • mysql-bench-0:5.1.69-1.el6_4
  • mysql-debuginfo-0:5.1.69-1.el6_4
  • mysql-devel-0:5.1.69-1.el6_4
  • mysql-embedded-0:5.1.69-1.el6_4
  • mysql-embedded-devel-0:5.1.69-1.el6_4
  • mysql-libs-0:5.1.69-1.el6_4
  • mysql-server-0:5.1.69-1.el6_4
  • mysql-test-0:5.1.69-1.el6_4