From: full-disclosure:

* CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
  http://seclists.org/fulldisclosure/2012/Dec/4
  https://bugzilla.redhat.com/show_bug.cgi?id=882599
* CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
  http://seclists.org/fulldisclosure/2012/Dec/5
  https://bugzilla.redhat.com/show_bug.cgi?id=882600
* CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday Exploit
  http://seclists.org/fulldisclosure/2012/Dec/6
  https://bugzilla.redhat.com/show_bug.cgi?id=882606
* CVE-2012-5614 MySQL Denial of Service Zeroday PoC
  http://seclists.org/fulldisclosure/2012/Dec/7
  https://bugzilla.redhat.com/show_bug.cgi?id=882607
* CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday
  http://seclists.org/fulldisclosure/2012/Dec/9
  https://bugzilla.redhat.com/show_bug.cgi?id=882608
CVE-2012-5615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615): MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

CVE-2012-5614 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614): MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

CVE-2012-5613 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613): ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.

CVE-2012-5612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612): Heap-based buffer overflow in MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

CVE-2012-5611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611): Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly other versions, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Adding CVE-2012-5627: MySQL insecure salt-usage
Reference: http://www.openwall.com/lists/oss-security/2012/12/06/4
*** Bug 452938 has been marked as a duplicate of this bug. ***
CVE-2012-5627 is pending upstream for MariaDB (5.5.29 not released).
All other versions are now in the tree, and ready for stablereq.

ebuilds & target keywords:
mysql-5.1.67: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
mysql-5.5.29 (no stable keywords)
mariadb: no stable keywords

Test instructions:
    USE='berkdb -cluster embedded extraengine perl ssl community' \
    FEATURES='test userpriv -usersandbox' \
    ebuild mysql-5.1.67.ebuild \
    digest clean package
arm stable
amd64/x86 stable
Stable on amd64, but the included config file doesn't work => package is broken and anything but stable!

    # /etc/init.d/mysql start
     * Starting mysql ...
    mkdir: cannot create directory ‘@GENTOO_PORTAGE_EPREFIX@/var/run/mysqld’: No such file or directory
     * Directory @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld for pidfile does not exist and cannot be created
     * ERROR: mysql failed to start
Gerald: Do you have a copy of the mysql overlay or something? You shouldn't have gotten @GENTOO_PORTAGE_EPREFIX@ in any file unless your system didn't run the eprefixify function per mysql-cmake.eclass src_install.
The root cause of the bug Gerald reported has been found and is being addressed in bug 430836.
ppc64 stable
ppc stable
ia64 stable
sparc stable
Stable for HPPA.
CVE-2013-0389 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-0386 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386): Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

CVE-2013-0385 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2013-0384 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

CVE-2013-0383 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

CVE-2013-0375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2013-0371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371): Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

CVE-2013-0368 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368): Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-0367 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367): Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVE-2012-5096 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096): Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.

CVE-2012-5060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CVE-2012-1705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1702 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

CVE-2012-0578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578): Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-0574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

CVE-2012-0572 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572): Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
sh stable
s390 stable
alpha stable
Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201308-06 at http://security.gentoo.org/glsa/glsa-201308-06.xml by GLSA coordinator Sergey Popov (pinkbyte).
CVE-2012-5627 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627): Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.