Linux Distros Unpatched Vulnerability : CVE-2012-2658

🗓️ 21 Aug 2025 00:00:00Reported by TenableType

Unpatched unixODBC 2.3.1 buffer overflow in SQLDriverConnect enables local denial via option.

Reporter	Title	Published	Views	Family All 13
CVE	CVE-2012-2658	31 Aug 201200:00	–	cve
Cvelist	CVE-2012-2658	31 Aug 201200:00	–	cvelist
Debian CVE	CVE-2012-2658	31 Aug 201200:00	–	debiancve
NVD	CVE-2012-2658	31 Aug 201218:55	–	nvd
OSV	BELL-CVE-2012-2658 CVE-2012-2658 does not affect BellSoft software	31 Aug 201218:55	–	osv
OSV	DEBIAN-CVE-2012-2658	31 Aug 201218:55	–	osv
OSV	UBUNTU-CVE-2012-2658	31 Aug 201218:55	–	osv
Prion	Buffer overflow	31 Aug 201218:55	–	prion
Positive Technologies	PT-2012-1207 · Unixodbc +1 · Unixodbc +1	14 May 201200:00	–	ptsecurity
Positive Technologies	PT-2012-1208 · Unixodbc +1 · Unixodbc +1	14 May 201200:00	–	ptsecurity

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2012-2658
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(253168);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/21");

  script_cve_id("CVE-2012-2658");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2012-2658");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of
    service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability,
    since the ability to set this option typically implies that the attacker already has legitimate access to
    cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be
    limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely
    that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries
    in that context. (CVE-2012-2658)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2012-2658");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2658");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:unixodbc");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "libodbc1"},
          {"reference": "odbcinst"},
          {"reference": "odbcinst1debian2"},
          {"reference": "unixodbc"},
          {"reference": "unixodbc-dev"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libodbc1"},
          {"reference": "odbcinst"},
          {"reference": "odbcinst1debian2"},
          {"reference": "unixodbc"},
          {"reference": "unixodbc-dev"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

21 Aug 2025 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 22.1

EPSS0.00068