CVE-2012-5611

MEDIUM

Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html

http://rhn.redhat.com/errata/RHSA-2012-1551.html

http://rhn.redhat.com/errata/RHSA-2013-0180.html

http://seclists.org/fulldisclosure/2012/Dec/4

http://secunia.com/advisories/51443

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://www.debian.org/security/2012/dsa-2581

http://www.exploit-db.com/exploits/23075

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openwall.com/lists/oss-security/2012/12/02/3

http://www.openwall.com/lists/oss-security/2012/12/02/4

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

http://www.ubuntu.com/usn/USN-1658-1

http://www.ubuntu.com/usn/USN-1703-1

https://kb.askmonty.org/en/mariadb-5166-release-notes/

https://kb.askmonty.org/en/mariadb-5213-release-notes/

https://kb.askmonty.org/en/mariadb-5311-release-notes/

https://kb.askmonty.org/en/mariadb-5528a-release-notes/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395

Details

Source: MITRE

Published: 2012-12-03

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM