CVE-2012-5612: Buffer Overflow
First published: Mon Dec 03 2012(Updated: )
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ariadne CMS | >=5.1.0<5.1.67 | |
| Ariadne CMS | >=5.2.0<5.2.14 | |
| Ariadne CMS | >=5.3.0<5.3.12 | |
| Ariadne CMS | >=5.5.0<5.5.29 | |
| Ariadne CMS | =10.0.0 | |
| MySQL | >=5.5.0<=5.5.28 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| suse linux enterprise server vmware | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 | |
| Ubuntu | =10.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
- http://seclists.org/fulldisclosure/2012/Dec/5
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.exploit-db.com/exploits/23076
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.openwall.com/lists/oss-security/2012/12/02/3
- http://www.openwall.com/lists/oss-security/2012/12/02/4
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- http://www.ubuntu.com/usn/USN-1703-1
- https://mariadb.atlassian.net/browse/MDEV-3908
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16960
Frequently Asked Questions
What is the severity of CVE-2012-5612?
CVE-2012-5612 has a high severity rating due to its potential to cause denial of service and possibly allow remote code execution.
How does CVE-2012-5612 affect Oracle MySQL and MariaDB?
CVE-2012-5612 affects Oracle MySQL versions 5.5.19 to 5.5.28 and MariaDB versions 5.5.28a and possibly others by allowing a heap-based buffer overflow.
How do I fix CVE-2012-5612?
To fix CVE-2012-5612, upgrade Oracle MySQL to version 5.5.29 or later and MariaDB to a patched version.
Can CVE-2012-5612 be exploited remotely?
Yes, CVE-2012-5612 can be exploited by remote authenticated users, leading to memory corruption and application crashes.
What types of systems are impacted by CVE-2012-5612?
CVE-2012-5612 impacts systems running affected versions of Oracle MySQL and MariaDB, including various Linux distributions.
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mariadb
- canonical/ariadne cms
- version/ariadne cms/5.1.0
- version/ariadne cms/5.2.0
- version/ariadne cms/5.3.0
- version/ariadne cms/5.5.0
- version/ariadne cms/10.0.0
- vendor/oracle
- canonical/mysql
- version/mysql/5.5.0
- version/mysql/5.5.28
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp2
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp2
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/11.10
- version/ubuntu/12.04
- version/ubuntu/12.10