CVE-2012-4414 Information
Description
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
Reference
http://bugs.mysql.com/bug.php?id=66550
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
http://www.openwall.com/lists/oss-security/2012/09/11/4
http://www.securityfocus.com/bid/55498
https://bugzilla.redhat.com/show_bug.cgi?id=852144
https://mariadb.atlassian.net/browse/MDEV-382