Posts Tagged ‘MySQL’

MySql

Multiple vulnerabilities

Vulnerability: Multiple vulnerabilities in MySQL

Danger: High
Number of vulnerabilities: 4
CVE ID:

– CVE-2012-5611
– CVE-2012-5612
– CVE-2012-5614
– CVE-2012-5615

Exploitation vector: LAN
Impact: Brute-force attack, Denial of service, System compromise

Affected products: MySQL 5.x

Affected versions: MySQL 5.x, perhaps the only one.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system. (more…)

MySql

Exploits for MySQL

The tools use unpatched vulnerabilities in the database management system.

A number of exploits for vulnerabilities in the MySQL database management system (DBMS), versions 5.1.x and 5.5.x, have been published on Full Disclosure. Among other things, an anonymous user posting under the pseudonym ‘Kingcope’ released several tools that exploit vulnerabilities in software products such as FreeSSHd, freeFTPd, IBM System Director and SSH Tectia.

Note that of the five exploits designed for MySQL, two allow a remote attacker to cause a denial of service and to check whether a user name exists. Successful exploitation with the other three requires an account in the database. In that case, a remote attacker could escalate privileges to DBA and execute arbitrary commands on the system.

Two exploits work on Windows, and three are for Linux-based systems. According to ‘Kingcope’, all the tools were tested with the latest versions of the MySQL packages for Debian Lenny, SUSE and openSUSE.

We encourage our readers to restrict access to MySQL to trusted hosts only.

MySQL

Vulnerability: Multiple vulnerabilities in MySQL

Danger: Medium
Patch available: Yes
Number of vulnerabilities: 14

Impact:

  • Denial of service
  • Disclosure of sensitive data
  • Unauthorized manipulation of data
  • System compromise

Affected products: MySQL 5.x

Affected versions: MySQL 5.1.63, 5.5.25 and earlier (more…)