CVE-2012-5615 (retired)

Priority
Description
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a,
5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different
error messages with different time delays depending on whether a user name
exists, which allows remote attackers to enumerate valid usernames.
Package
Upstream:released (5.5.29)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (5.5.36-1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (5.5.39)
Ubuntu 14.04 LTS (Trusty Tahr):released (5.5.40-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4676
Package
Upstream:released (5.6.20)
Ubuntu 14.04 LTS (Trusty Tahr):released (5.6.27-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (5.6.23-1~exp1~ubuntu4)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-03-26 12:04:55 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)