CVE-2012-5611

high

Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395

https://kb.askmonty.org/en/mariadb-5528a-release-notes/

https://kb.askmonty.org/en/mariadb-5311-release-notes/

https://kb.askmonty.org/en/mariadb-5213-release-notes/

https://kb.askmonty.org/en/mariadb-5166-release-notes/

http://www.ubuntu.com/usn/USN-1703-1

http://www.ubuntu.com/usn/USN-1658-1

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

http://www.openwall.com/lists/oss-security/2012/12/02/4

http://www.openwall.com/lists/oss-security/2012/12/02/3

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

http://www.exploit-db.com/exploits/23075

http://www.debian.org/security/2012/dsa-2581

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://secunia.com/advisories/53372

http://secunia.com/advisories/51443

http://seclists.org/fulldisclosure/2012/Dec/4

http://rhn.redhat.com/errata/RHSA-2013-0180.html

http://rhn.redhat.com/errata/RHSA-2012-1551.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

Details

Source: MITRE, NVD

Published: 2012-12-03

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High