PublicDateAtUSN: 2012-12-03
Candidate: CVE-2012-5615
PublicDate: 2012-12-03 12:49:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615
 http://seclists.org/fulldisclosure/2012/Dec/9
 http://www.openwall.com/lists/oss-security/2012/12/02/4
 http://www.openwall.com/lists/oss-security/2012/12/02/3
 http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
 https://ubuntu.com/security/notices/USN-2384-1
Description:
 Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a,
 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different
 error messages with different time delays depending on whether a user name
 exists, which allows remote attackers to enumerate valid usernames.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695001
 https://mariadb.atlassian.net/browse/MDEV-3909
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_mysql-5.5:
 upstream: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4676
upstream_mysql-5.5: released (5.5.39)
hardy_mysql-5.5: DNE
lucid_mysql-5.5: DNE
oneiric_mysql-5.5: DNE
precise_mysql-5.5: released (5.5.40-0ubuntu0.12.04.1)
quantal_mysql-5.5: ignored (reached end-of-life)
raring_mysql-5.5: ignored (reached end-of-life)
saucy_mysql-5.5: ignored (reached end-of-life)
trusty_mysql-5.5: released (5.5.40-0ubuntu0.14.04.1)
trusty/esm_mysql-5.5: released (5.5.40-0ubuntu0.14.04.1)
utopic_mysql-5.5: not-affected (5.5.39-0ubuntu4)
vivid_mysql-5.5: DNE
wily_mysql-5.5: DNE
devel_mysql-5.5: DNE

Patches_mysql-dfsg-5.1:
upstream_mysql-dfsg-5.1: needs-triage
hardy_mysql-dfsg-5.1: DNE
lucid_mysql-dfsg-5.1: ignored (reached end-of-life)
oneiric_mysql-dfsg-5.1: DNE
precise_mysql-dfsg-5.1: DNE
quantal_mysql-dfsg-5.1: DNE
raring_mysql-dfsg-5.1: DNE
saucy_mysql-dfsg-5.1: DNE
trusty_mysql-dfsg-5.1: DNE
trusty/esm_mysql-dfsg-5.1: DNE
utopic_mysql-dfsg-5.1: DNE
vivid_mysql-dfsg-5.1: DNE
wily_mysql-dfsg-5.1: DNE
devel_mysql-dfsg-5.1: DNE

Patches_mysql-5.6:
upstream_mysql-5.6: released (5.6.20)
lucid_mysql-5.6: DNE
precise_mysql-5.6: DNE
trusty_mysql-5.6: released (5.6.27-0ubuntu0.14.04.1)
trusty/esm_mysql-5.6: DNE (trusty was released [5.6.27-0ubuntu0.14.04.1])
utopic_mysql-5.6: ignored (reached end-of-life)
vivid_mysql-5.6: not-affected (5.6.23-1~exp1~ubuntu4)
wily_mysql-5.6: not-affected (5.6.23-1~exp1~ubuntu4)
devel_mysql-5.6: not-affected (5.6.23-1~exp1~ubuntu4)

Patches_mariadb-5.5:
upstream_mariadb-5.5: released (5.5.29)
lucid_mariadb-5.5: DNE
precise_mariadb-5.5: DNE
trusty_mariadb-5.5: not-affected (5.5.36-1)
trusty/esm_mariadb-5.5: DNE (trusty was not-affected [5.5.36-1])
utopic_mariadb-5.5: not-affected (5.5.36-1)
vivid_mariadb-5.5: DNE
wily_mariadb-5.5: DNE
devel_mariadb-5.5: DNE