Vulnerabilities > CVE-2012-5615 - Information Exposure vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mariadb
oracle
CWE-200
nessus
exploit available
NVD
Published: 2012-12-03
Updated: 2023-02-13

Summary

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Vulnerable Configurations

Part Description Count
Application
Mariadb
4
Application
Oracle
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Exploit-Db

  • descriptionMySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot). CVE-2012-5615. Remote exploit for windows platform
    idEDB-ID:23073
    last seen2016-02-02
    modified2012-12-02
    published2012-12-02
    reporterkingcope
    sourcehttps://www.exploit-db.com/download/23073/
    titleMySQL 5.1/5.5 WiNDOWS REMOTE R00T mysqljackpot
  • descriptionMySQL - Remote Preauth User Enumeration (0day). CVE-2012-5615. Remote exploits for multiple platform
    idEDB-ID:23081
    last seen2016-02-02
    modified2012-12-02
    published2012-12-02
    reporterkingcope
    sourcehttps://www.exploit-db.com/download/23081/
    titleMySQL - Remote Preauth User Enumeration 0day

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201308-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201308-06 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id69508
    published2013-08-30
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69508
    titleGLSA-201308-06 : MySQL: Multiple vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1861.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79300
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79300
    titleCentOS 7 : mariadb (CESA-2014:1861)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1807-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66215
    published2013-04-25
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66215
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1)
  • NASL familyDatabases
    NASL idMARIADB_10_0_13.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.0.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10013-release-notes advisory, including the following: - A flaw in OpenSSL which fails to properly restrict processing of ChangeCipherSpec messages. A man-in-the-middle attacker can exploit this, via a crafted TLS handshake, to force the use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, resulting in the session being hijacked and sensitive information being disclosed. (CVE-2014-0224) - A buffer overflow error in OpenSSL related to invalid DTLS fragment handling that can lead to execution of arbitrary code or denial of service. This is caused by improper validation on the fragment lengths in DTLS ClientHello messages. (CVE-2014-0195) - An unspecified vulnerability in MariaDB Server related to CLIENT:MYSQLDUMP that allows remote, authenticated users to affect confidentiality, integrity, and availability. (CVE-2014-6530) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129359
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129359
    titleMariaDB 10.0.0 < 10.0.13 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-102.NASL
    descriptionUpdated mariadb packages includes fixes for the following security vulnerabilities : Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client (CVE-2012-3147). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol (CVE-2012-3158). Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete (CVE-2012-4414). Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command (CVE-2012-5611). A buffer overflow that can cause a server crash or arbitrary code execution (a variant of CVE-2012-5611) Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands (CVE-2012-5612). MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames (CVE-2012-5615). Be advised that for CVE-2012-5615 to be completely closed, it
    last seen2020-06-01
    modified2020-06-02
    plugin id66114
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66114
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2013:102)
  • NASL familyDatabases
    NASL idMYSQL_USER_ENUMERATION.NASL
    descriptionThe version of MySQL or MariaDB running on the remote host has a user enumeration vulnerability. A remote, unauthenticated attacker could exploit this to learn the names of valid database users. This information could be used to mount further attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id64263
    published2013-01-28
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64263
    titleMySQL Protocol Remote User Enumeration
  • NASL familyDatabases
    NASL idMYSQL_5_5_39.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.5.x prior to 5.5.39. It is, therefore, affected by errors in the following components : - CLIENT:MYSQLADMIN - CLIENT:MYSQLDUMP - SERVER:CHARACTER SETS - SERVER:DDL - SERVER:DML - SERVER:MEMORY STORAGE ENGINE - SERVER:MyISAM - SERVER:PRIVILEGES AUTHENTICATION PLUGIN API - SERVER:REPLICATION ROW FORMAT BINARY LOG DML - SERVER:SSL:yaSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id77669
    published2014-09-12
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77669
    titleMySQL 5.5.x < 5.5.39 Multiple Vulnerabilities (October 2014 CPU)
  • NASL familyDatabases
    NASL idMARIADB_5_5_29.NASL
    descriptionThe version of MariaDB 5.5 running on the remote host is prior to 5.5.29. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - MyISAM - Server - Server Locking - Server Optimizer - Server Parser - Server Partition - Server Privileges - Server Replication - Stored Procedure
    last seen2020-06-01
    modified2020-06-02
    plugin id64935
    published2013-02-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64935
    titleMariaDB 5.5 < 5.5.29 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2384-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78505
    published2014-10-16
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78505
    titleUbuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2384-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1861.NASL
    descriptionFrom Red Hat Security Advisory 2014:1861 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79370
    published2014-11-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79370
    titleOracle Linux 7 : mariadb (ELSA-2014-1861)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1859.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79299
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79299
    titleCentOS 5 : mysql55-mysql (CESA-2014:1859)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8C773D7F6CBB11E2B242C8600054B392.NASL
    descriptionORACLE reports : Multiple SQL injection vulnerabilities in the replication code Stack-based buffer overflow Heap-based buffer overflow
    last seen2020-06-01
    modified2020-06-02
    plugin id64421
    published2013-02-04
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64421
    titleFreeBSD : mysql/mariadb/percona server -- multiple vulnerabilities (8c773d7f-6cbb-11e2-b242-c8600054b392)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-091.NASL
    descriptionThis update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
    last seen2020-06-01
    modified2020-06-02
    plugin id82344
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82344
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1859.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79302
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79302
    titleRHEL 5 : mysql55-mysql (RHSA-2014:1859)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14791.NASL
    descriptionUpdate to 5.5.40 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-12-03
    plugin id79671
    published2014-12-03
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79671
    titleFedora 20 : mariadb-galera-5.5.40-2.fc20 (2014-14791)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1861.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79303
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79303
    titleRHEL 7 : mariadb (RHSA-2014:1861)
  • NASL familyDatabases
    NASL idMARIADB_5_1_67.NASL
    descriptionThe version of MariaDB 5.1 running on the remote host is prior to 5.1.67. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - Server - Server Locking - Server Optimizer - Server Privileges - Server Replication
    last seen2020-06-01
    modified2020-06-02
    plugin id64932
    published2013-02-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64932
    titleMariaDB 5.1 < 5.1.67 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMARIADB_5_3_12.NASL
    descriptionThe version of MariaDB 5.3 running on the remote host is prior to 5.3.12. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - Server - Server Locking - Server Optimizer - Server Privileges - Server Replication
    last seen2020-06-01
    modified2020-06-02
    plugin id64934
    published2013-02-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64934
    titleMariaDB 5.3 < 5.3.12 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-150302.NASL
    descriptionThe MySQL datebase server was updated to 5.5.42, fixing various bugs and security issues. More information can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 42.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 41.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 40.html Also various issues with the mysql start script were fixed. (bsc#868673,bsc#878779)
    last seen2020-06-01
    modified2020-06-02
    plugin id82428
    published2015-03-30
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82428
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0743-1.NASL
    descriptionmariadb was updated to version 10.0.16 to fix 40 security issues. These security issues were fixed : - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption (bnc#915911). - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381 (bnc#915911). - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382 (bnc#915911). - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911). - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DML (bnc#915911). - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key (bnc#915911). - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500 (bnc#915912). - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491 (bnc#915912). - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912). - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (bnc#915912). - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496 (bnc#915912). - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494 (bnc#915912). - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (bnc#915912). - CVE-2010-5298: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allowed remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (bnc#873351). - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly validate fragment lengths in DTLS ClientHello messages, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (bnc#880891). - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not properly manage a buffer pointer during certain recursive calls, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (bnc#876282). - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allowed remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (bnc#915913). - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly restrict processing of ChangeCipherSpec messages, which allowed man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id83716
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83716
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1859.NASL
    descriptionFrom Red Hat Security Advisory 2014:1859 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79369
    published2014-11-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79369
    titleOracle Linux 5 : mysql55-mysql (ELSA-2014-1859)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3054.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-03-17
    modified2014-10-21
    plugin id78589
    published2014-10-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78589
    titleDebian DSA-3054-1 : mysql-5.5 - security update
  • NASL familyDatabases
    NASL idMARIADB_5_2_14.NASL
    descriptionThe version of MariaDB 5.2 running on the remote host is prior to 5.2.14. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - Server - Server Locking - Server Optimizer - Server Privileges - Server Replication
    last seen2020-06-01
    modified2020-06-02
    plugin id64933
    published2013-02-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64933
    titleMariaDB 5.2 < 5.2.14 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_6_20.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.6.x prior to 5.6.20. It is, therefore, affected by errors in the following components : - CLIENT:MYSQLADMIN - CLIENT:MYSQLDUMP - SERVER:CHARACTER SETS - SERVER:DML - SERVER:MEMORY STORAGE ENGINE - SERVER:MyISAM - SERVER:PRIVILEGES AUTHENTICATION PLUGIN API - SERVER:REPLICATION ROW FORMAT BINARY LOG DML - SERVER:SSL:OpenSSL - SERVER:SSL:yaSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id77670
    published2014-09-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77670
    titleMySQL 5.6.x < 5.6.20 Multiple Vulnerabilities (October 2014 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQLCLIENT-DEVEL-121227.NASL
    descriptionA stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code. (CVE-2012-5611)
    last seen2020-06-05
    modified2013-02-10
    plugin id64531
    published2013-02-10
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64531
    titleSuSE 11.2 Security Update : MySQL (SAT Patch Number 7251)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/118555/mysql_userenum.pl.txt
idPACKETSTORM:118555
last seen2016-12-05
published2012-12-03
reporterKingcope
sourcehttps://packetstormsecurity.com/files/118555/Oracle-MySQL-User-Account-Enumeration-Utility.html
titleOracle MySQL User Account Enumeration Utility

Redhat

rpms
  • mysql55-mysql-0:5.5.40-2.el5
  • mysql55-mysql-bench-0:5.5.40-2.el5
  • mysql55-mysql-debuginfo-0:5.5.40-2.el5
  • mysql55-mysql-devel-0:5.5.40-2.el5
  • mysql55-mysql-libs-0:5.5.40-2.el5
  • mysql55-mysql-server-0:5.5.40-2.el5
  • mysql55-mysql-test-0:5.5.40-2.el5
  • mysql55-mysql-0:5.5.40-1.el6
  • mysql55-mysql-0:5.5.40-1.el7
  • mysql55-mysql-bench-0:5.5.40-1.el6
  • mysql55-mysql-bench-0:5.5.40-1.el7
  • mysql55-mysql-debuginfo-0:5.5.40-1.el6
  • mysql55-mysql-debuginfo-0:5.5.40-1.el7
  • mysql55-mysql-devel-0:5.5.40-1.el6
  • mysql55-mysql-devel-0:5.5.40-1.el7
  • mysql55-mysql-libs-0:5.5.40-1.el6
  • mysql55-mysql-libs-0:5.5.40-1.el7
  • mysql55-mysql-server-0:5.5.40-1.el6
  • mysql55-mysql-server-0:5.5.40-1.el7
  • mysql55-mysql-test-0:5.5.40-1.el6
  • mysql55-mysql-test-0:5.5.40-1.el7
  • mariadb-1:5.5.40-1.el7_0
  • mariadb-bench-1:5.5.40-1.el7_0
  • mariadb-debuginfo-1:5.5.40-1.el7_0
  • mariadb-devel-1:5.5.40-1.el7_0
  • mariadb-embedded-1:5.5.40-1.el7_0
  • mariadb-embedded-devel-1:5.5.40-1.el7_0
  • mariadb-libs-1:5.5.40-1.el7_0
  • mariadb-server-1:5.5.40-1.el7_0
  • mariadb-test-1:5.5.40-1.el7_0
  • mariadb55-mariadb-0:5.5.40-10.el6
  • mariadb55-mariadb-0:5.5.40-10.el7
  • mariadb55-mariadb-bench-0:5.5.40-10.el6
  • mariadb55-mariadb-bench-0:5.5.40-10.el7
  • mariadb55-mariadb-debuginfo-0:5.5.40-10.el6
  • mariadb55-mariadb-debuginfo-0:5.5.40-10.el7
  • mariadb55-mariadb-devel-0:5.5.40-10.el6
  • mariadb55-mariadb-devel-0:5.5.40-10.el7
  • mariadb55-mariadb-libs-0:5.5.40-10.el6
  • mariadb55-mariadb-libs-0:5.5.40-10.el7
  • mariadb55-mariadb-server-0:5.5.40-10.el6
  • mariadb55-mariadb-server-0:5.5.40-10.el7
  • mariadb55-mariadb-test-0:5.5.40-10.el6
  • mariadb55-mariadb-test-0:5.5.40-10.el7
  • mariadb-galera-common-0:5.5.40-2.el6ost
  • mariadb-galera-debuginfo-0:5.5.40-2.el6ost
  • mariadb-galera-server-0:5.5.40-2.el6ost
  • mariadb-galera-common-1:5.5.40-2.el7ost
  • mariadb-galera-debuginfo-1:5.5.40-2.el7ost
  • mariadb-galera-server-1:5.5.40-2.el7ost

References