Lucene search
RootSSV:60501HistoryDec 11, 2012 - 12:00 a.m.
Oracle MySQL/MariaDB 不安全Salt生成安全绕过漏洞(CVE-2012-5627)
2012-12-1100:00:00
Root
www.seebug.org
39
0.002 Low
EPSS
Percentile
60.8%
Bugtraq ID:56837
CVE ID:CVE-2012-5627
MySQL是一款开源关系型数据库管理系统。MariaDB是一个采用Maria存储引擎的MySQL分支版本。
MySQL处理密码salt值存在漏洞,当用户登录MySQL时,会生成Salt值用于防止密码猜测攻击。此salt值在会话开始时创建并用于整个会话,如果通过验证的攻击者使用MySQL "change_user"命令尝试以其他用户登录,由于Salt已知,可导致密码猜测更有效率。
0
MySQL 5.5.19及其他版本
MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66
MariaDB 5.5.29, 5.3.12, 5.2.14, 5.1.67已经修复此漏洞,建议用户下载使用:
https://mariadb.atlassian.net/browse/MDEV/fixforversion/12102
https://mariadb.atlassian.net/browse/MDEV/fixforversion/12000
https://mariadb.atlassian.net/browse/MDEV/fixforversion/12101
https://mariadb.atlassian.net/browse/MDEV/fixforversion/12100
Related
ubuntucve
ubuntucve
CVE-2012-5627
2013-10-01 00:00:00
cve
cve
CVE-2012-5627
2013-10-01 17:55:00
nessus
nessus
MySQL Server COM_CHANGE_USER Command Security Bypass
2013-11-27 00:00:00
FreeBSD : mysql/mariadb/percona server -- multiple vulnerabilities (8c773d7f-6cbb-11e2-b242-c8600054b392)
2013-02-04 00:00:00
Mandriva Linux Security Advisory : mariadb (MDVSA-2013:102)
2013-04-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2012-5627 affecting package mysql for versions less than 8.0.24-1
2022-04-09 06:53:03
CVE-2012-5627 affecting package mysql 8.0.29-1
2021-09-09 15:03:39
mariadbunix
mariadbunix
CVE-2012-5627
2013-10-01 17:55:00
openvas
openvas
MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability - Linux
2016-06-07 00:00:00
MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability
2013-11-06 00:00:00
Ubuntu Update for mysql-5.5 USN-1807-1
2013-04-25 00:00:00
prion
prion
Command injection
2013-10-01 17:55:00
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version April
2013-04-01 00:00:00
freebsd
freebsd
mysql/mariadb/percona server -- multiple vulnerabilities
2012-12-01 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00