Amazon Linux AMI : mysql51 Buffer Overflow Vulnerability (ALAS-2012-145)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

The MITRE CVE database describes CVE-2012-5611 as :

Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly
other versions, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before
5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote
authenticated users to execute arbitrary code via a long argument to
the GRANT FILE command.

See also :

http://www.nessus.org/u?7dc5025f

Solution :

Run 'yum update mysql51' to update your system.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69635 ()

Bugtraq ID:

CVE ID: CVE-2012-5611