Lucene search

PRIOn knowledge basePRION:CVE-2012-5615

HistoryDec 03, 2012 - 12:49 p.m.

Buffer overflow

2012-12-0312:49:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.065 Low

EPSS

Percentile

93.5%

JSON

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

CPENameOperatorVersion
mariadbeq5.5.2897
mariadbeq5.2.13
mariadbeq5.1.66
mariadbeq5.3.11
mysqleq5.5.19

Name	Operator	Version
mariadb	eq	5.5.2897
mariadb	eq	5.2.13
mariadb	eq	5.1.66
mariadb	eq	5.3.11
mysql	eq	5.5.19

References

lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

seclists.org/fulldisclosure/2012/Dec/9

secunia.com/advisories/53372

security.gentoo.org/glsa/glsa-201308-06.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:102

www.openwall.com/lists/oss-security/2012/12/02/3

www.openwall.com/lists/oss-security/2012/12/02/4

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

mariadb.atlassian.net/browse/MDEV-3909

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.065 Low

EPSS

Percentile

93.5%

JSON

Related for PRION:CVE-2012-5615