Vulnerability Description
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MariaDB | MariaDB | 5.1.41 |
| Oracle | MySQL | 5.1.53 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html (Mailing List, Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1551.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0180.html (Third Party Advisory)
- http://seclists.org/fulldisclosure/2012/Dec/4 (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/51443 (Broken Link)
- http://secunia.com/advisories/53372 (Broken Link)
- http://security.gentoo.org/glsa/glsa-201308-06.xml (Third Party Advisory)
- http://www.debian.org/security/2012/dsa-2581 (Third Party Advisory)
- http://www.exploit-db.com/exploits/23075 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2012-5611?
CVE-2012-5611 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x be...
How severe is CVE-2012-5611?
CVE-2012-5611 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-5611?
Check the references section above for vendor advisories and patch information. Affected products include: MariaDB MariaDB, Oracle MySQL, Linux Linux Kernel.