CVE-2012-5627 — MEDIUM (4.0)

Q: How severe is CVE-2012-5627?

CVE-2012-5627 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-5627?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Mariadb Mariadb.

Vulnerability Description

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Oracle	Mysql	>= 5.5.0, < 5.5.29
Mariadb	Mariadb	>= 5.2.0, < 5.2.14

Related Weaknesses (CWE)

CWE-522

References

http://seclists.org/fulldisclosure/2012/Dec/58ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2012/Dec/83ExploitMailing ListThird Party Advisory
http://seclists.org/oss-sec/2012/q4/424Mailing ListThird Party Advisory
http://secunia.com/advisories/53372Not Applicable
http://security.gentoo.org/glsa/glsa-201308-06.xmlPatchThird Party AdvisoryVDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=883719Issue TrackingPatchThird Party Advisory
https://mariadb.atlassian.net/browse/MDEV-3915Broken LinkVendor Advisory
http://seclists.org/fulldisclosure/2012/Dec/58ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2012/Dec/83ExploitMailing ListThird Party Advisory
http://seclists.org/oss-sec/2012/q4/424Mailing ListThird Party Advisory
http://secunia.com/advisories/53372Not Applicable
http://security.gentoo.org/glsa/glsa-201308-06.xmlPatchThird Party AdvisoryVDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=883719Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2012-5627?

CVE-2012-5627 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection whi...

How severe is CVE-2012-5627?

CVE-2012-5627 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-5627?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Mariadb Mariadb.