CVE-2012-3163 — HIGH (9.0) — White Hats Nepal

Q: How severe is CVE-2012-3163?

CVE-2012-3163 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-3163?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Mariadb Mariadb, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVSS Score

9.0

HIGH

AV:N/AC:L/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Oracle	Mysql	>= 5.1.0, <= 5.1.64
Mariadb	Mariadb	>= 5.1, < 5.1.66
Canonical	Ubuntu Linux	10.04
Debian	Debian Linux	6.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	6.3
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
F5	Big-Ip Access Policy Manager	>= 10.1.0, <= 10.2.4
F5	Big-Ip Advanced Firewall Manager	11.3.0
F5	Big-Ip Analytics	>= 11.0.0, <= 11.3.0
F5	Big-Ip Application Security Manager	>= 10.0.0, <= 10.2.4
F5	Big-Ip Edge Gateway	>= 10.1.0, <= 10.2.4
F5	Big-Ip Enterprise Manager	>= 2.0.0, <= 2.3.0
F5	Big-Ip Global Traffic Manager	>= 10.0.0, <= 10.2.4
F5	Big-Ip Link Controller	>= 10.0.0, <= 10.2.4
F5	Big-Ip Local Traffic Manager	>= 10.0.0, <= 10.2.4
F5	Big-Ip Policy Enforcement Manager	11.3.0
F5	Big-Ip Protocol Security Module	>= 10.0.0, <= 10.2.4
F5	Big-Ip Wan Optimization Manager	>= 10.0.0, <= 10.2.4

References

http://rhn.redhat.com/errata/RHSA-2012-1462.htmlThird Party Advisory
http://secunia.com/advisories/51177Not Applicable
http://secunia.com/advisories/51309Not Applicable
http://secunia.com/advisories/53372Not Applicable
http://secunia.com/advisories/56509Not Applicable
http://secunia.com/advisories/56513Not Applicable
http://security.gentoo.org/glsa/glsa-201308-06.xmlThird Party Advisory
http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.htmlThird Party Advisory
http://www.debian.org/security/2012/dsa-2581Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlPatchThird Party Advisory
http://www.ubuntu.com/usn/USN-1621-1Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79381Third Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2012-1462.htmlThird Party Advisory
http://secunia.com/advisories/51177Not Applicable

FAQ

What is CVE-2012-3163?

CVE-2012-3163 is a vulnerability with a CVSS score of 9.0 (HIGH). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availabi...

How severe is CVE-2012-3163?

CVE-2012-3163 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-3163?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Mariadb Mariadb, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop.