DB: Oracle MySQL Multiple Commands Heap Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Oracle MySQL database server. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Extended Description
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Affected Products
Mariadb mariadb
Short Name
DB:MYSQL:COMMANDS-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
Buffer CVE-2012-5612 Commands Heap Multiple MySQL Oracle Overflow bid:56768
Release Date
12/05/2012
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Oracle
Mariadb
Suse
Canonical
CVSS Score
6.5