CVE-2012-5627

Опубликовано: 03 дек. 2012

Источник: redhat

CVSS2: 2.6

Описание

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	mysql	Will not fix
Red Hat Enterprise Linux 6	mysql	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=883719mysql: efficient password guessing attack using change_user()

2.6 Low

CVSS2

Связанные уязвимости

CVE-2012-5627

ubuntu

больше 12 лет назад

CVE-2012-5627

nvd

больше 12 лет назад

CVE-2012-5627

msrc

больше 5 лет назад

Oracle MySQL and MariaDB 5.5.x before 5.5.29 5.3.x before 5.3.12 and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CVE-2012-5627

debian

больше 12 лет назад

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...

GHSA-46h7-m4g6-26pp

github

больше 3 лет назад

2.6 Low

CVSS2