CVE-2012-5611
Published 2012-12-03
Priority P351 · medium · 6.5 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS 24.56% (97.6th percentile)
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Affected
46 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mariadb | mariadb | — | — |
Detection & IOCs
- Detect exploitation attempts by monitoring for extremely long (e.g., 100,000-byte) arguments passed to the MySQL GRANT FILE command, which triggers the stack-based buffer overflow in acl_get().
- A successful exploit causes mysqld to crash with a segmentation fault (signal 11) and overwrites the instruction pointer with attacker-controlled data (e.g., 0x41414141); monitor for mysqld core dumps in /var/lib/mysql/.
- The vulnerability is post-authentication; alert on authenticated MySQL sessions issuing GRANT FILE with abnormally long database-name arguments.
- Successful exploitation yields OS-level code execution as the 'mysql' service account; correlate mysqld crashes with subsequent unexpected child processes owned by the mysql user.
- The overflow is triggered via the GRANT FILE command specifically; the vulnerable code path is in the acl_get() function. Only authenticated database users can trigger this; no unauthenticated attack vector exists.
- Affected versions span multiple MySQL and MariaDB branches; detections should cover MySQL 5.1.x through 5.1.66, 5.5.x through 5.5.28, and MariaDB 5.1.x/5.2.x/5.3.x/5.5.2.x prior to their respective patched releases.
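An added example (not taken from the advisories or from MySQL itself) of the log check the items above describe: it flags GRANT FILE statements whose database name exceeds MySQL's 64-character identifier limit and records whether a signal 11 crash marker follows. It assumes the general query log is enabled and merged with the error log in time order; the log lines are constructed and the function names are hypothetical.

```python
import re

MAX_IDENT = 64  # MySQL limits database names to 64 characters
# GRANT <privileges> ON <db>.<object>; the db may be backtick-quoted.
GRANT_RE = re.compile(
    r"\bGRANT\b(?P<privs>.*?)\bON\s+(?P<db>`[^`]*`|[^\s.`]+)\s*\.",
    re.IGNORECASE | re.DOTALL,
)
FILE_RE = re.compile(r"\bFILE\b", re.IGNORECASE)
CRASH_RE = re.compile(r"mysqld got signal 11")  # error-log crash banner


def oversized_grant_file(line):
    """Return the database-name length if the line holds a GRANT FILE with
    an over-long database name, otherwise None."""
    m = GRANT_RE.search(line)
    if not m or not FILE_RE.search(m.group("privs")):
        return None
    db_len = len(m.group("db").strip("`"))
    return db_len if db_len > MAX_IDENT else None


def scan(lines):
    """Walk log lines in order; report each suspicious GRANT FILE and whether
    a signal-11 crash marker appears later in the same stream."""
    findings = []
    for n, line in enumerate(lines, 1):
        db_len = oversized_grant_file(line)
        if db_len is not None:
            findings.append({"line": n, "db_len": db_len, "crash_after": False})
        elif CRASH_RE.search(line):
            for f in findings:
                f["crash_after"] = True
    return findings


# Constructed sample: general query log and error log lines merged by time.
SAMPLE = [
    "121203 10:14:58\t   41 Query\tGRANT FILE ON *.* TO 'etl'@'10.0.0.5'",
    "121203 10:15:01\t   42 Query\tGRANT SELECT ON `shop`.* TO 'app'@'%'",
    "121203 10:15:07\t   43 Query\tGRANT FILE ON " + "A" * 100000
    + ".* TO 'user'@'%' IDENTIFIED BY 'x'",
    "10:15:07 UTC - mysqld got signal 11 ;",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The 64-character bound is the protocol's own limit on database names, so a legitimate GRANT never exceeds it and the check needs no tuning.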
CVSS provenance
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat · 6.5 MEDIUM
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2013-01-22
CVE-2012-0572 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10.
Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-67.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-29.html
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
Instructions: In general, a standard system update will make all the necessary
Ubuntu
MySQL vulnerability
vendor_ubuntu·2012-12-10
CVE-2012-5611 MySQL vulnerability
Title: MySQL vulnerability
Summary: MySQL could be made to run programs if it received specially crafted
network traffic from an authenticated user.
It was discovered that MySQL incorrectly handled certain long arguments. A
remote authenticated attacker could use this issue to possibly execute
arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
mysql: acl_get() stack-based buffer overflow
vendor_redhat·2012-11-29·CVSS 6.5
CVE-2012-5611 [MEDIUM] CWE-121 mysql: acl_get() stack-based buffer overflow
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
GHSA
GHSA-gcrp-g698-23xq: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5
ghsa_unreviewed·2022-05-17
CVE-2012-5611 [MEDIUM] CWE-119 GHSA-gcrp-g698-23xq: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
No detection rules found.
Bugzilla
mysql: Oracle CPU January 2013
bugzilla·2013-01-15·CVSS 6.5
CVE-2012-5611 [MEDIUM] mysql: Oracle CPU January 2013
This bug is for Oracle Critical Patch Update Advisory - January 2013:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
Pre-release of the advisory indicates that it will include 18 CVEs for MySQL, 2 of them remotely exploitable without authentication.
This update is likely to mention previously published issues as CVE-2012-5611 (bug 881064, comment 21) and CVE-2012-5612 (bug 882600).
Discussion:
MySQL risk matrix:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL
Fixes are included in version 5.1.67 and 5.5.29.
Previous CPU for MySQL was released in October 2012 (bug 870399) and covered issues up to versions 5.1.66 and 5.5.28. Hence these are releases since the last CPU:
http://dev.mysql.c
Bugzilla
CVE-2012-5611 mysql: acl_get() stack-based buffer overflow [fedora-all]
bugzilla·2012-12-05·CVSS 6.5
CVE-2012-5611 [MEDIUM] CVE-2012-5611 mysql: acl_get() stack-based buffer overflow [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects m
Bugzilla
mysql: Stack-based buffer overflow
bugzilla·2012-12-02·CVSS 6.5
CVE-2012-5611 [MEDIUM] mysql: Stack-based buffer overflow
A stack-based buffer overflow was found in MySQL. An authenticated database user could use this flaw to cause mysqld to crash or possibly execute arbitrary code with the privileges of the user running mysql.
Reference:
http://seclists.org/fulldisclosure/2012/Dec/4
Discussion:
This flaw was assigned CVE-2012-5611
---
*** This bug has been marked as a duplicate of bug 881064 ***
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html
- http://rhn.redhat.com/errata/RHSA-2012-1551.html
- http://rhn.redhat.com/errata/RHSA-2013-0180.html
- http://seclists.org/fulldisclosure/2012/Dec/4
- http://secunia.com/advisories/51443
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.debian.org/security/2012/dsa-2581
- http://www.exploit-db.com/exploits/23075
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.openwall.com/lists/oss-security/2012/12/02/3
- http://www.openwall.com/lists/oss-security/2012/12/02/4
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- http://www.ubuntu.com/usn/USN-1658-1
- http://www.ubuntu.com/usn/USN-1703-1
- https://kb.askmonty.org/en/mariadb-5166-release-notes/
- https://kb.askmonty.org/en/mariadb-5213-release-notes/
- https://kb.askmonty.org/en/mariadb-5311-release-notes/
- https://kb.askmonty.org/en/mariadb-5528a-release-notes/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395
Published: 2012-12-03