Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
|
|
SecurityTracker Alert ID: 1026530 |
|
SecurityTracker URL: http://securitytracker.com/id/1026530
|
|
CVE Reference:
CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496
(Links to External Site)
|
Date: Jan 18 2012
|
Impact:
Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.0.x, 5.1.x, 5.5.x
|
Description:
Multiple vulnerabilities were reported in MySQL. A remote or local user can cause partial denial of service conditions. A local or remote authenticated user can partially access and modify data.
No details were provided.
[Editor's note: Details will be added as researchers provide them.]
The following researchers reported these and other Oracle vulnerabilities:
An Anonymous Reporter of TippingPoint's Zero Day Initiative; Behrang Fouladi of SensePost Information Security; Chris Wysopal of Veracode; Clement Lecigne; Dennis Yurichev of McAfee Labs; Gorkem Yakin; InfoWorld; Juan Pablo Perez Etchegoyen of Onapsis; Mateusz "j00ru" Jurczyk; Michael Myngerbayev of McAfee Labs; Michael Oglesby of True Digital Security; Minetoshi Takizawa through JPCERT/CC Vulnerability Handling Team; Robert Maly of Ness Technologies; Rohan Stelling of Stratsec Research; and Will Dormann of CERT/CC.
|
Impact:
A remote or local user can cause partial denial of service conditions.
A local or remote authenticated user can partially access and modify data.
|
Solution:
The vendor has issued a fix, described in their January 2012 Critical Patch Update advisory.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/cpujan2012-366304.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 18 Jan 2012 01:46:25 +0000
Subject: MySQL
|
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0117
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0486
CVE-2012-0487
CVE-2012-0488
CVE-2012-0489
CVE-2012-0490
CVE-2012-0491
CVE-2012-0492
CVE-2012-0493
CVE-2012-0494
CVE-2012-0495
CVE-2012-0496
|
|
Go to the Top of This SecurityTracker Archive Page
|
