Multiple vulnerabilities in MySQL

Posted: October 18, 2012 in Vulnerabilities

Vulnerability: Multiple vulnerabilities in MySQL

Danger: Medium
Patch available: Yes
Number of vulnerabilities: 14

Impact:

  • Denial of service
  • Disclosure of sensitive data
  • Unauthorized manipulation of data
  • System compromise

Affected products: MySQL 5.x

Affected versions: MySQL 5.1.63, 5.5.25 and earlier

CVE ID: CVE-2012-3144
CVE-2012-3147
CVE-2012-3149
CVE-2012-3150
CVE-2012-3156
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197

Description:

The vulnerabilities can be exploited by malicious people to disclose sensitive information, cause a denial of service or compromise a vulnerable system.

1. The vulnerability is caused by an unspecified error in the Information Schema component. An authenticated user can execute arbitrary code on the target system.

2. The vulnerability is caused by an unspecified error in the Protocol component. A remote user can execute arbitrary code on the target system.

3. The vulnerability is caused by an unspecified error in the Server component. An authenticated user can cause a denial of service.

4. The vulnerability is caused by an unspecified error in the MySQL Client component. An attacker can change certain data and cause a denial of service.

5. The vulnerability is caused by an unspecified error in the InnoDB component. An authenticated user can cause a denial of service.

6. The vulnerability is caused by an unspecified error in the InnoDB Plugin component. An authenticated user can cause a denial of service.

7. The vulnerability is caused by an unspecified error in the Server component. An authenticated user can cause a denial of service.

8. The vulnerability is caused by an unspecified error in the Server Optimizer component. An authenticated user can cause a denial of service.

9. The vulnerability is caused by an unspecified error in the Server Optimizer component. An authenticated user can cause a denial of service.

10. The vulnerability is caused by an unspecified error in the MySQL Client component. An authenticated user can gain access to potentially sensitive information.

11. The vulnerability is caused by an unspecified error in the Server component. An authenticated user can cause a denial of service.

12. The vulnerability is caused by an unspecified error in the Server Full Text Search component. An authenticated user can cause a denial of service.

13. The vulnerability is caused by an unspecified error in the Server Replication component. An authenticated user can cause a denial of service.

14. The vulnerability is caused by an unspecified error in the Server Installation component. A local user can gain access to sensitive data.

Manufacturer URL: www.mysql.com

Solution: Install the update from the manufacturer.

Links:

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
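
To find which servers need the update, the following added example (not part of the original advisory) classifies version strings, as returned by `SELECT VERSION()`, against the "Affected versions" line above. It assumes that line means 5.1.x up to 5.1.63 and 5.5.x up to 5.5.25; the function names, status labels and sample inventory are constructed for illustration.

```python
import re

# Ceilings from the advisory's "Affected versions" line. Reading it as
# "5.1.x up to 5.1.63 and 5.5.x up to 5.5.25" is an assumption of this example.
AFFECTED_MAX = {(5, 1): 63, (5, 5): 25}

# major.minor.patch plus an optional re-release letter (e.g. "5.5.25a").
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)")


def classify(version_string):
    """Return 'affected', 'not-listed' or 'unknown' for a VERSION() string."""
    text = version_string.strip()
    if "mariadb" in text.lower():
        return "unknown"  # fork with its own numbering; advisory covers MySQL
    m = VERSION_RE.match(text)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.groups()[:3])
    letter = m.group(4)
    ceiling = AFFECTED_MAX.get((major, minor))
    if ceiling is None:
        return "unknown"  # series not named in the advisory
    if patch < ceiling or (patch == ceiling and not letter):
        return "affected"
    if patch == ceiling and letter:
        return "unknown"  # re-release of the boundary build; check with vendor
    return "not-listed"  # above the listed ceiling; not a statement that it is safe


def triage(inventory):
    """Return (host, version, status) rows, affected hosts first."""
    order = {"affected": 0, "unknown": 1, "not-listed": 2}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "db-01": "5.5.25-log",
    "db-02": "5.1.63-0ubuntu0.10.04.1",
    "db-03": "5.5.28",
    "db-04": "5.5.25a",
    "db-05": "5.6.7-rc",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host:6} {ver:28} {status}")
```

Hosts reported as `unknown` fall outside the ranges this page names and should be checked against the vendor advisory linked above.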
