National Cyber Awareness System

Vulnerability Summary for CVE-2012-5611

Overview

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Description

per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: UBUNTU

Name: USN-1703-1

Hyperlink:http://www.ubuntu.com/usn/USN-1703-1

External Source: UBUNTU

Name: USN-1658-1

Hyperlink:http://www.ubuntu.com/usn/USN-1658-1

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

External Source: MLIST

Name: [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

Hyperlink:http://www.openwall.com/lists/oss-security/2012/12/02/4

External Source: MLIST

Name: [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

Hyperlink:http://www.openwall.com/lists/oss-security/2012/12/02/3

External Source: EXPLOIT-DB

Name: 23075

Hyperlink:http://www.exploit-db.com/exploits/23075

External Source: DEBIAN

Name: DSA-2581

Hyperlink:http://www.debian.org/security/2012/dsa-2581

External Source: FULLDISC

Name: 20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday

Hyperlink:http://seclists.org/fulldisclosure/2012/Dec/4

External Source: REDHAT

Name: RHSA-2013:0180

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0180.html

External Source: REDHAT

Name: RHSA-2012:1551

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1551.html

External Source: SUSE

Name: SUSE-SU-2013:0262

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html

External Source: SUSE

Name: openSUSE-SU-2013:0156

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

External Source: SUSE

Name: openSUSE-SU-2013:0135

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

External Source: SUSE

Name: openSUSE-SU-2013:0014

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

External Source: SUSE

Name: openSUSE-SU-2013:0013

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html

External Source: SUSE

Name: openSUSE-SU-2013:0011

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html