MySQL 'yaSSL' Remote Code Execution Vulnerability
BID:51925
Info
MySQL 'yaSSL' Remote Code Execution Vulnerability
| Bugtraq ID: | 51925 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2012-0882 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2012 12:00AM |
| Updated: | Nov 14 2014 01:59AM |
| Credit: | VulnDisco |
| Vulnerable: |
MySQL AB MySQL 5.5.21 MySQL AB MySQL 5.5.20 MySQL AB MySQL 5.5.19 MySQL AB MySQL 5.5 MySQL AB MySQL 5.1.61 MySQL AB MySQL 5.1.60 MySQL AB MySQL 5.1.52 MySQL AB MySQL 5.1.51 MySQL AB MySQL 5.1.50 MySQL AB MySQL 5.1.49 MySQL AB MySQL 5.1.48 MySQL AB MySQL 5.1.47 MySQL AB MySQL 5.1.46 MySQL AB MySQL 5.1.45 MySQL AB MySQL 5.1.44 MySQL AB MySQL 5.1.43 MySQL AB MySQL 5.1.42 MySQL AB MySQL 5.1.41 MySQL AB MySQL 5.1.39 MySQL AB MySQL 5.1.38 MySQL AB MySQL 5.1.37 MySQL AB MySQL 5.1.36 MySQL AB MySQL 5.1.35 MySQL AB MySQL 5.1.34 MySQL AB MySQL 5.1.33 MySQL AB MySQL 5.1.32 MySQL AB MySQL 5.1.31 MySQL AB MySQL 5.1.30 MySQL AB MySQL 5.1.26 MySQL AB MySQL 5.1.23 MySQL AB MySQL 5.1.22 MySQL AB MySQL 5.1.21 MySQL AB MySQL 5.1.20 MySQL AB MySQL 5.1.18 MySQL AB MySQL 5.1.17 MySQL AB MySQL 5.1.16 MySQL AB MySQL 5.1.15 MySQL AB MySQL 5.1.14 MySQL AB MySQL 5.1.13 MySQL AB MySQL 5.1.12 MySQL AB MySQL 5.1.11 MySQL AB MySQL 5.1.10 MySQL AB MySQL 5.1.6 MySQL AB MySQL 5.1.5 MySQL AB MySQL 5.1.4 MySQL AB MySQL 5.1.3 MySQL AB MySQL 5.1.2 MySQL AB MySQL 5.1.1 8 MySQL AB MySQL 5.1.5A MySQL AB MySQL 5.1.46 Sp1 MySQL AB MySQL 5.1.43 Sp1 MySQL AB MySQL 5.1.40 Sp1 MySQL AB MySQL 5.1.40 MySQL AB MySQL 5.1.37 Sp1 MySQL AB MySQL 5.1.34 Sp1 MySQL AB MySQL 5.1.32-Bzr MySQL AB MySQL 5.1.31 Sp1 MySQL AB MySQL 5.1.29 MySQL AB MySQL 5.1.28 MySQL AB MySQL 5.1.27 MySQL AB MySQL 5.1.25 MySQL AB MySQL 5.1.24 MySQL AB MySQL 5.1.23A MySQL AB MySQL 5.1.23 Bk MySQL AB MySQL 5.1.23 A MySQL AB MySQL 5.1.19 |
| Not Vulnerable: |
MySQL AB MySQL 5.5.22 |
Discussion
MySQL 'yaSSL' Remote Code Execution Vulnerability
MySQL is prone to a remote code execution vulnerability.
Attackers can exploit this vulnerability to execute arbitrary code in the context of the affected application.
MySQL 5.5.20 is vulnerable; other versions may also be affected.
MySQL is prone to a remote code execution vulnerability.
Attackers can exploit this vulnerability to execute arbitrary code in the context of the affected application.
MySQL 5.5.20 is vulnerable; other versions may also be affected.
Exploit / POC
MySQL 'yaSSL' Remote Code Execution Vulnerability
A working exploit has been developed by Intevydis. This exploit is not otherwise publicly available or known to be circulating in the wild.
A working exploit has been developed by Intevydis. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
MySQL 'yaSSL' Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
MySQL 'yaSSL' Remote Code Execution Vulnerability
References:
References:
- MySQL Homepage (Oracle)
- VulnDisco Pack Professional 9.17 (VulnDisco)