CVE-2012-5611

MEDIUM

Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html

http://rhn.redhat.com/errata/RHSA-2012-1551.html

http://rhn.redhat.com/errata/RHSA-2013-0180.html

http://seclists.org/fulldisclosure/2012/Dec/4

http://secunia.com/advisories/51443

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://www.debian.org/security/2012/dsa-2581

http://www.exploit-db.com/exploits/23075

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openwall.com/lists/oss-security/2012/12/02/3

http://www.openwall.com/lists/oss-security/2012/12/02/4

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

http://www.ubuntu.com/usn/USN-1658-1

http://www.ubuntu.com/usn/USN-1703-1

https://kb.askmonty.org/en/mariadb-5166-release-notes/

https://kb.askmonty.org/en/mariadb-5213-release-notes/

https://kb.askmonty.org/en/mariadb-5311-release-notes/

https://kb.askmonty.org/en/mariadb-5528a-release-notes/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395

Details

Source: MITRE

Published: 2012-12-03

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.62:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
9278MariaDB Server 5.5.x < 5.5.29 Multiple Buffer OverflowsNessus Network MonitorDatabase
medium
75141openSUSE Security Update : mariadb (openSUSE-SU-2013:0011-1)NessusSuSE Local Security Checks
medium
75093openSUSE Security Update : mysql-community-server (openSUSE-SU-2013:0013-1)NessusSuSE Local Security Checks
medium
75036openSUSE Security Update : mariadb (openSUSE-SU-2013:0014-1)NessusSuSE Local Security Checks
medium
69635Amazon Linux AMI : mysql51 (ALAS-2012-145)NessusAmazon Linux Local Security Checks
medium
69634Amazon Linux AMI : mysql55 (ALAS-2012-144)NessusAmazon Linux Local Security Checks
medium
69508GLSA-201308-06 : MySQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
68713Oracle Linux 5 : mysql (ELSA-2013-0180)NessusOracle Linux Local Security Checks
medium
68665Oracle Linux 6 : mysql (ELSA-2012-1551)NessusOracle Linux Local Security Checks
medium
66114Mandriva Linux Security Advisory : mariadb (MDVSA-2013:102)NessusMandriva Local Security Checks
high
64935MariaDB 5.5 < 5.5.29 Multiple VulnerabilitiesNessusDatabases
medium
64934MariaDB 5.3 < 5.3.12 Multiple VulnerabilitiesNessusDatabases
medium
64933MariaDB 5.2 < 5.2.14 Multiple VulnerabilitiesNessusDatabases
medium
64932MariaDB 5.1 < 5.1.67 Multiple VulnerabilitiesNessusDatabases
medium
64531SuSE 11.2 Security Update : MySQL (SAT Patch Number 7251)NessusSuSE Local Security Checks
medium
64505Mandriva Linux Security Advisory : mysql (MDVSA-2013:007)NessusMandriva Local Security Checks
medium
64421FreeBSD : mysql/mariadb/percona server -- multiple vulnerabilities (8c773d7f-6cbb-11e2-b242-c8600054b392)NessusFreeBSD Local Security Checks
medium
801126MySQL Server 5.5.x < 5.5.29 Multiple VulnerabilitiesLog Correlation EngineDatabase
high
6674Oracle MySQL Server 5.5.x < 5.5.29 Multiple VulnerabilitiesNessus Network MonitorDatabase
high
63678Scientific Linux Security Update : mysql on SL5.x i386/x86_64 (20130122)NessusScientific Linux Local Security Checks
medium
63672CentOS 5 : mysql (CESA-2013:0180)NessusCentOS Local Security Checks
medium
63668Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1703-1)NessusUbuntu Local Security Checks
medium
63663RHEL 5 : mysql (RHSA-2013:0180)NessusRed Hat Local Security Checks
medium
63618MySQL 5.5 < 5.5.29 Multiple VulnerabilitiesNessusDatabases
medium
63617MySQL 5.1 < 5.1.67 Multiple VulnerabilitiesNessusDatabases
medium
63485Fedora 18 : mysql-5.5.28-2.fc18 (2012-19868)NessusFedora Local Security Checks
medium
63328Fedora 16 : mysql-5.5.28-2.fc16 (2012-19823)NessusFedora Local Security Checks
medium
63276Fedora 17 : mysql-5.5.28-2.fc17 (2012-19833)NessusFedora Local Security Checks
medium
63219Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerability (USN-1658-1)NessusUbuntu Local Security Checks
medium
63207CentOS 6 : mysql (CESA-2012:1551)NessusCentOS Local Security Checks
medium
63199Mandriva Linux Security Advisory : mysql (MDVSA-2012:178)NessusMandriva Local Security Checks
medium
63192Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121207)NessusScientific Linux Local Security Checks
medium
63190RHEL 6 : mysql (RHSA-2012:1551)NessusRed Hat Local Security Checks
medium
63151Debian DSA-2581-1 : mysql-5.1 - several vulnerabilitiesNessusDebian Local Security Checks
high
63150MariaDB 5.5 < 5.5.28a Buffer OverflowNessusDatabases
medium
63149MariaDB 5.3 < 5.3.11 Buffer OverflowNessusDatabases
medium
63148MariaDB 5.2 < 5.2.13 Buffer OverflowNessusDatabases
medium
63147MariaDB 5.1 < 5.1.66 Buffer OverflowNessusDatabases
medium
801154MySQL Server 5.1.x < 5.1.67 Multiple VulnerabilitiesLog Correlation EngineDatabase
high
6675Oracle MySQL Server 5.1.x < 5.1.67 Multiple VulnerabilitiesNessus Network MonitorDatabase
high