CVE-2012-2749

Related Files

Mandriva Linux Security Advisory 2013-008

Posted Feb 6, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-008 - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service via vectors related to incorrect calculation and a sort order index. Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2012-2122, CVE-2012-2749, CVE-2012-5611

SHA-256 | b49df6bc4397ad8618cab19cb79f3703b128fb5b64bd72878f5ca80369c7124b

Download | Favorite | View

Red Hat Security Advisory 2013-0180-01

Posted Jan 23, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0180-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon.

tags | advisory, overflow, arbitrary

systems | linux, redhat

advisories | CVE-2012-2749, CVE-2012-5611

SHA-256 | c46944fff9eaf716d515206fe427c7820974a5b1849c452e4398e331b4a16859

Download | Favorite | View

Red Hat Security Advisory 2012-1462-01

Posted Nov 14, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1462-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability

systems | linux, redhat

advisories | CVE-2012-0540, CVE-2012-1688, CVE-2012-1689, CVE-2012-1690, CVE-2012-1703, CVE-2012-1734, CVE-2012-2749, CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197

SHA-256 | 5f398683edce7f8a999f522eb98482c0dae03eec8c5dde0cb44a10f92d46f1a2

Download | Favorite | View