Vulnerability: Multiple vulnerabilities in MySQL
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 14
Impact:
- Denial of service
- Disclosure of sensitive data
- Unauthorized manipulation of data
- System compromise
Affected products: MySQL 5.x
Affected versions: MySQL 5.1.63, 5.5.25 and earlier
CVE IDs:
- CVE-2012-3144
- CVE-2012-3147
- CVE-2012-3149
- CVE-2012-3150
- CVE-2012-3156
- CVE-2012-3158
- CVE-2012-3160
- CVE-2012-3163
- CVE-2012-3166
- CVE-2012-3167
- CVE-2012-3173
- CVE-2012-3177
- CVE-2012-3180
- CVE-2012-3197
Description:
These vulnerabilities can be exploited by malicious people to disclose sensitive information, cause a denial of service, or compromise a vulnerable system.
1. The vulnerability is caused by an unspecified error in the Information Schema component. An authenticated user can execute arbitrary code on the target system.
2. The vulnerability is caused by an unspecified error in the Protocol component. A remote user can execute arbitrary code on the target system.
3. The vulnerability is caused by an unspecified error in the Server component. An authenticated user can cause a denial of service.
4. The vulnerability is caused by an unspecified error in the MySQL Client component. An attacker can change certain data and cause a denial of service.
5. The vulnerability is caused by an unspecified error in the InnoDB component. An authenticated user can cause a denial of service.
6. The vulnerability is caused by an unspecified error in the InnoDB Plugin component. An authenticated user can cause a denial of service.
7. The vulnerability is caused by an unspecified error in the Server component. An authenticated user can cause a denial of service.
8. The vulnerability is caused by an unspecified error in the Server Optimizer component. An authenticated user can cause a denial of service.
9. The vulnerability is caused by an unspecified error in the Server Optimizer component. An authenticated user can cause a denial of service.
10. The vulnerability is caused by an unspecified error in the MySQL Client component. An authenticated user can gain access to potentially sensitive information.
11. The vulnerability is caused by an unspecified error in the Server component. An authenticated user can cause a denial of service.
12. The vulnerability is caused by an unspecified error in the Server Full Text Search component. An authenticated user can cause a denial of service.
13. The vulnerability is caused by an unspecified error in the Server Replication component. An authenticated user can cause a denial of service.
14. The vulnerability is caused by an unspecified error in the Server Installation component. A local user can gain access to sensitive data.
Vendor URL: www.mysql.com
Solution: Install the update from the vendor.
Links:
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html