sol14907: MySQL Server vulnerability CVE-2012-3163
Security Advisory

Original Publication Date: 01/14/2014
Updated Date: 07/07/2014

Description

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. (CVE-2012-3163)

Impact

This vulnerability may include the following risks:

  • Local users may gain knowledge about sensitive information, manipulate certain data, or cause a denial-of-service (DoS) attack.
  • Remote exploitation of Enterprise Manager systems that are configured to allow remote database access may occur.

Status

F5 Product Development tracked this vulnerability as ID 432467 (BIG-IP) and ID 429685 (Enterprise Manager), and has evaluated the currently supported releases for potential vulnerability.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
|---|---|---|---|
| BIG-IP LTM | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | 11.4.0 and later | MySQL Server |
| BIG-IP AAM | None | 11.4.0 and later | MySQL Server |
| BIG-IP AFM | 11.3.0 | 11.4.0 and later | MySQL Server |
| BIG-IP Analytics | 11.0.0 - 11.3.0 | 11.4.0 and later | MySQL Server |
| BIG-IP APM | 11.0.0 - 11.3.0, 10.1.0 - 10.2.4 | 11.4.0 and later | MySQL Server |
| BIG-IP ASM | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | 11.4.0 and later | MySQL Server |
| BIG-IP Edge Gateway | 11.0.0 - 11.3.0, 10.1.0 - 10.2.4 | 11.4.0 and later | MySQL Server |
| BIG-IP GTM | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | 11.4.0 and later | MySQL Server |
| BIG-IP Link Controller | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | 11.4.0 and later | MySQL Server |
| BIG-IP PEM | 11.3.0 | 11.4.0 and later | MySQL Server |
| BIG-IP PSM | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | 11.4.0 and later | MySQL Server |
| BIG-IP WebAccelerator | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | None | MySQL Server |
| BIG-IP WOM | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | None | MySQL Server |
| ARX | None | 6.0.0 - 6.4.0 | None |
| Enterprise Manager | 3.0.0 - 3.1.1, 2.0.0 - 2.3.0 | None | MySQL Server |
| FirePass | None | 7.0.0, 6.0.0 - 6.1.0 | None |
| BIG-IQ Cloud | None | 4.0.0 - 4.3.0 | None |
| BIG-IQ Security | None | 4.0.0 - 4.3.0 | None |
| BIG-IQ Device | None | 4.2.0 - 4.3.0 | None |

Recommended action

To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table.

To mitigate this vulnerability on Enterprise Manager, you should not enable remote access to the statistics database. Remote access to the statistics database is not enabled by default.

Impact of action: When you configure managed devices to perform statistics data collection, they cannot send collected statistics to the Enterprise Manager system. Additionally, when you configure a system to perform a remote backup of a local statistics database, the system will be unable to access the statistics database.

Supplemental Information
