Lucene search

K

PRIOn knowledge basePRION:CVE-2012-5627

HistoryOct 01, 2013 - 5:55 p.m.

Command injection

2013-10-0117:55:00

PRIOn knowledge base

www.prio-n.com

3

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.2%

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CPENameOperatorVersion
mariadbeq10.0.0
mariadbge5.2.0
mariadblt5.2.14
mariadbge5.3.0
mariadblt5.3.12
mariadbge5.5.0
mariadblt5.5.29
mysqlge5.5.0
mysqllt5.5.29

References

seclists.org/fulldisclosure/2012/Dec/58

seclists.org/fulldisclosure/2012/Dec/83

seclists.org/oss-sec/2012/q4/424

secunia.com/advisories/53372

security.gentoo.org/glsa/glsa-201308-06.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:102

bugzilla.redhat.com/show_bug.cgi?id=883719

mariadb.atlassian.net/browse/MDEV-3915

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.2%

Related for PRION:CVE-2012-5627

ubuntucve1 cve1 mariadbunix1 cbl_mariner2 openvas4 nessus9 seebug1 altlinux1 freebsd1 gentoo1