CVE-2012-5613 – MySQL (Linux) - Database Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-5613
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. ** En disputa ** MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a y posiblemente otros, cuando se configura para asignar el permiso FILE para los usuarios que no deben tener privilegios administrativos, permite a usuarios remotos autenticados obtener privilegios aprovechándose del privilegio FILE para crear los archivos como el administrador de MySQL. NOTA: el vendedor se opone a esta cuestión, afirmando que esto es sólo una vulnerabilidad cuando el administrador no sigue las recomendaciones en la documentación de instalación del producto. NOTA: Se podría argumentar que esto no debería ser incluido en CVE porque es un problema de configuración. • https://www.exploit-db.com/exploits/23077 https://www.exploit-db.com/exploits/35777 https://www.exploit-db.com/exploits/23179 https://github.com/w4fz5uck5/UDFPwn-CVE-2012-5613 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://seclists.org/fulldisclosure/2012/Dec/6 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.openwall.com/lists/oss-security/2012/12/02/3 http://www.openwall.com/lists& • CWE-16: Configuration •
CVE-2012-0574 – mysql: unspecified DoS vulnerability related to Server (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2012-0574
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=135109152819176&w=2 http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 https://access.redhat.com •
CVE-2012-3167 – mysql: unspecified DoS vulnerability related to Server Full Text Search (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3167
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.63 y anteriores, y v5.5.25 y anteriores, permite a usuarios remotos autenticados a afectar la disponibilidad a través de vectores desconocidos relacionados con Server Full Text Search. • http://rhn.redhat.com/errata/RHSA-2012-1462.html http://secunia.com/advisories/51177 http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.debian.org/security/2012/dsa-2581 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 https://exchange.xforce.ibmcloud.com/vulnerabilities •
CVE-2012-3163 – mysql: unspecified vulnerability related to Information Schema (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3163
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.64 y anteriores, y v5.5.26 y anteriores, permite a usuarios remotos autenticados a afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Information Schema. • http://rhn.redhat.com/errata/RHSA-2012-1462.html http://secunia.com/advisories/51177 http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://secunia.com/advisories/56509 http://secunia.com/advisories/56513 http://security.gentoo.org/glsa/glsa-201308-06.xml http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html http://www.debian.org/security/2012/dsa-2581 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http:/ •
CVE-2012-3180 – mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3180
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.65 y anteriores, y v5.5.27 y anteriores, permite a usuarios remotos autenticados a afectar la disponibilidad a través de vectores desconocidos relacionados con Server Optimizer. • http://rhn.redhat.com/errata/RHSA-2012-1462.html http://secunia.com/advisories/51177 http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.debian.org/security/2012/dsa-2581 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 https://exchange.xforce.ibmcloud.com/vulnerabilities •