CVE-2012-5627

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
oraclemysql
5.5.0 ≤
𝑥
< 5.5.29
mariadbmariadb
5.2.0 ≤
𝑥
< 5.2.14
mariadbmariadb
5.3.0 ≤
𝑥
< 5.3.12
mariadbmariadb
5.5.0 ≤
𝑥
< 5.5.29
mariadbmariadb
10.0.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb-5.5
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
not-affected
trusty
dne
precise
dne
lucid
dne
mysql-5.5
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
ignored
trusty
ignored
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
dne
lucid
dne
hardy
dne
mysql-5.6
yakkety
dne
xenial
dne
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2012/Dec/58
http://seclists.org/fulldisclosure/2012/Dec/83
http://seclists.org/oss-sec/2012/q4/424
http://secunia.com/advisories/53372
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
https://bugzilla.redhat.com/show_bug.cgi?id=883719
https://mariadb.atlassian.net/browse/MDEV-3915
http://seclists.org/fulldisclosure/2012/Dec/58
http://seclists.org/fulldisclosure/2012/Dec/83
http://seclists.org/oss-sec/2012/q4/424
http://secunia.com/advisories/53372
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
https://bugzilla.redhat.com/show_bug.cgi?id=883719
https://mariadb.atlassian.net/browse/MDEV-3915