Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5611

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-5611
Last Modified 20 Feb 2014 11:55:22
Published 03 Dec 2012 07:49:43
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5611

Summary

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Vulnerable Systems

Application

  • Mariadb 5.1.41

  • Mariadb 5.1.42

  • Mariadb 5.1.44

  • Mariadb 5.1.47

  • Mariadb 5.1.49

  • Mariadb 5.1.50

  • Mariadb 5.1.51

  • Mariadb 5.1.53

  • Mariadb 5.1.55

  • Mariadb 5.1.60

  • Mariadb 5.1.61

  • Mariadb 5.1.62

  • Mariadb 5.2.0

  • Mariadb 5.2.1

  • Mariadb 5.2.10

  • Mariadb 5.2.11

  • Mariadb 5.2.12

  • Mariadb 5.2.2

  • Mariadb 5.2.3

  • Mariadb 5.2.4

  • Mariadb 5.2.5

  • Mariadb 5.2.6

  • Mariadb 5.2.7

  • Mariadb 5.2.8

  • Mariadb 5.2.9

  • Mariadb 5.3.0

  • Mariadb 5.3.1

  • Mariadb 5.3.10

  • Mariadb 5.3.2

  • Mariadb 5.3.3

  • Mariadb 5.3.4

  • Mariadb 5.3.5

  • Mariadb 5.3.6

  • Mariadb 5.3.7

  • Mariadb 5.3.8

  • Mariadb 5.3.9

  • Mariadb 5.5.20

  • Mariadb 5.5.21

  • Mariadb 5.5.22

  • Mariadb 5.5.23

  • Mariadb 5.5.24

  • Mariadb 5.5.25

  • Mariadb 5.5.27

  • Mariadb 5.5.28

  • Oracle Mysql 5.1.53

  • Oracle Mysql 5.5.19


References

MLIST - [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

EXPLOIT-DB - 23075

FULLDISC - 20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday

UBUNTU - USN-1658-1

REDHAT - RHSA-2012:1551

SUSE - openSUSE-SU-2013:0013

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

UBUNTU - USN-1703-1

REDHAT - RHSA-2013:0180

SUSE - openSUSE-SU-2013:0156

SUSE - openSUSE-SU-2013:0135

SUSE - openSUSE-SU-2013:0014

SUSE - openSUSE-SU-2013:0011

DEBIAN - DSA-2581

SUSE - SUSE-SU-2013:0262

CONFIRM - https://kb.askmonty.org/en/mariadb-5528a-release-notes/

CONFIRM - https://kb.askmonty.org/en/mariadb-5311-release-notes/

CONFIRM - https://kb.askmonty.org/en/mariadb-5213-release-notes/

CONFIRM - https://kb.askmonty.org/en/mariadb-5166-release-notes/

SECUNIA - 51443

SUSE - openSUSE-SU-2013:1412

MANDRIVA - MDVSA-2013:150

GENTOO - GLSA-201308-06

MANDRIVA - MDVSA-2013:102

SECUNIA - 53372

Related Patches

Red Hat 2013:0180-01 RHSA Important: mysql security update for RHEL 5 x86

Novell SUSE 2012:7251 libmysqlclient-devel security update for SLE 11 SP2 i586

Novell SUSE 2012:7251 libmysqlclient-devel security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 11:01:24