CVE-2012-5611 - Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. Per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability affects only Linux-based software installations.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description | MySQL (Linux) - Stack Based Buffer Overrun PoC (0day). CVE-2012-5611. Dos exploit for linux platform |
file | exploits/linux/dos/23075.pl |
id | EDB-ID:23075 |
last seen | 2016-02-02 |
modified | 2012-12-02 |
platform | linux |
port | |
published | 2012-12-02 |
reporter | kingcope |
source | https://www.exploit-db.com/download/23075/ |
title | MySQL Linux - Stack Based Buffer Overrun PoC 0day |
type | dos |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201308-06.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201308-06 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69508 |
published | 2013-08-30 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69508 |
title | GLSA-201308-06 : MySQL: Multiple vulnerabilities |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2012-178.NASL |
description | A vulnerability was discovered and corrected in mysql : Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly other versions, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command (CVE-2012-5611). The updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63199 |
published | 2012-12-10 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63199 |
title | Mandriva Linux Security Advisory : mysql (MDVSA-2012:178) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-6.NASL |
description | MariaDB was updated to 5.5.28a, fixing bugs and security issues : - Release notes: http://kb.askmonty.org/v/mariadb-5528a-release-notes http://kb.askmonty.org/v/mariadb-5528-release-notes http://kb.askmonty.org/v/mariadb-5527-release-notes - Changelog: http://kb.askmonty.org/v/mariadb-5528a-changelog http://kb.askmonty.org/v/mariadb-5528-changelog http://kb.askmonty.org/v/mariadb-5527-changelog |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75141 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75141 |
title | openSUSE Security Update : mariadb (openSUSE-SU-2013:0011-1) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-5.NASL |
description | mysql community server was updated to 5.5.28, fixing bugs and security issues. See http://dev.mysql.com/doc/refman/5.5/en/news-5-5-27.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-28.html |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75093 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75093 |
title | openSUSE Security Update : mysql-community-server (openSUSE-SU-2013:0013-1) |

NASL family | Databases |
NASL id | MARIADB_5_2_13.NASL |
description | The version of MariaDB 5.2 running on the remote host is prior to 5.2.13. It is, therefore, affected by a buffer overflow vulnerability. A remote, authenticated attacker could exploit this to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63148 |
published | 2012-12-04 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63148 |
title | MariaDB 5.2 < 5.2.13 Buffer Overflow |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2013-102.NASL |
description | Updated mariadb packages includes fixes for the following security vulnerabilities : Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client (CVE-2012-3147). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol (CVE-2012-3158). Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete (CVE-2012-4414). Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command (CVE-2012-5611). A buffer overflow that can cause a server crash or arbitrary code execution (a variant of CVE-2012-5611) Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands (CVE-2012-5612). MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames (CVE-2012-5615). Be advised that for CVE-2012-5615 to be completely closed, it |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66114 |
published | 2013-04-20 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/66114 |
title | Mandriva Linux Security Advisory : mariadb (MDVSA-2013:102) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2013-0180.NASL |
description | Updated mysql packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon. (CVE-2012-2749) This update also adds a patch for a potential flaw in the MySQL password checking function, which could allow an attacker to log into any MySQL account without knowing the correct password. This problem (CVE-2012-2122) only affected MySQL packages that use a certain compiler and C library optimization. It did not affect the mysql packages in Red Hat Enterprise Linux 5. The patch is being added as a preventive measure to ensure this problem cannot get exposed in future revisions of the mysql packages. (BZ#814605) All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63663 |
published | 2013-01-23 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63663 |
title | RHEL 5 : mysql (RHSA-2013:0180) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2012-144.NASL |
description | A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69634 |
published | 2013-09-04 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69634 |
title | Amazon Linux AMI : mysql55 (ALAS-2012-144) |

NASL family | Databases |
NASL id | MARIADB_5_5_29.NASL |
description | The version of MariaDB 5.5 running on the remote host is prior to 5.5.29. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - MyISAM - Server - Server Locking - Server Optimizer - Server Parser - Server Partition - Server Privileges - Server Replication - Stored Procedure |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64935 |
published | 2013-02-28 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64935 |
title | MariaDB 5.5 < 5.5.29 Multiple Vulnerabilities |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2013-0180.NASL |
description | Updated mysql packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon. (CVE-2012-2749) This update also adds a patch for a potential flaw in the MySQL password checking function, which could allow an attacker to log into any MySQL account without knowing the correct password. This problem (CVE-2012-2122) only affected MySQL packages that use a certain compiler and C library optimization. It did not affect the mysql packages in Red Hat Enterprise Linux 5. The patch is being added as a preventive measure to ensure this problem cannot get exposed in future revisions of the mysql packages. (BZ#814605) All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63672 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63672 |
title | CentOS 5 : mysql (CESA-2013:0180) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_8C773D7F6CBB11E2B242C8600054B392.NASL |
description | ORACLE reports : Multiple SQL injection vulnerabilities in the replication code Stack-based buffer overflow Heap-based buffer overflow |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64421 |
published | 2013-02-04 |
reporter | This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64421 |
title | FreeBSD : mysql/mariadb/percona server -- multiple vulnerabilities (8c773d7f-6cbb-11e2-b242-c8600054b392) |

NASL family | Databases |
NASL id | MARIADB_5_1_66.NASL |
description | The version of MariaDB 5.1 running on the remote host is prior to 5.1.66. It is, therefore, affected by a buffer overflow vulnerability. A remote, authenticated attacker could exploit this to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63147 |
published | 2012-12-04 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63147 |
title | MariaDB 5.1 < 5.1.66 Buffer Overflow |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2012-145.NASL |
description | A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69635 |
published | 2013-09-04 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69635 |
title | Amazon Linux AMI : mysql51 (ALAS-2012-145) |

NASL family | Databases |
NASL id | MARIADB_5_5_28A.NASL |
description | The version of MariaDB 5.5 running on the remote host is prior to 5.5.28a. It is, therefore, affected by a buffer overflow vulnerability. A remote, authenticated attacker can exploit this to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63150 |
published | 2012-12-04 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63150 |
title | MariaDB 5.5 < 5.5.28a Buffer Overflow |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2012-1551.NASL |
description | From Red Hat Security Advisory 2012:1551 : Updated mysql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) All MySQL users should upgrade to these updated packages, which correct this issue. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68665 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68665 |
title | Oracle Linux 6 : mysql (ELSA-2012-1551) |

NASL family | Databases |
NASL id | MARIADB_5_3_11.NASL |
description | The version of MariaDB 5.3 running on the remote host is prior to 5.3.11. It is, therefore, affected by a buffer overflow vulnerability. A remote, authenticated attacker could exploit this to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63149 |
published | 2012-12-04 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63149 |
title | MariaDB 5.3 < 5.3.11 Buffer Overflow |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2013-0180.NASL |
description | From Red Hat Security Advisory 2013:0180 : Updated mysql packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon. (CVE-2012-2749) This update also adds a patch for a potential flaw in the MySQL password checking function, which could allow an attacker to log into any MySQL account without knowing the correct password. This problem (CVE-2012-2122) only affected MySQL packages that use a certain compiler and C library optimization. It did not affect the mysql packages in Red Hat Enterprise Linux 5. The patch is being added as a preventive measure to ensure this problem cannot get exposed in future revisions of the mysql packages. (BZ#814605) All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68713 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68713 |
title | Oracle Linux 5 : mysql (ELSA-2013-0180) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2012-1551.NASL |
description | Updated mysql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) All MySQL users should upgrade to these updated packages, which correct this issue. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63190 |
published | 2012-12-09 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63190 |
title | RHEL 6 : mysql (RHSA-2012:1551) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-19823.NASL |
description | - Add patch for CVE-2012-5611 - Widen DH key length from 512 to 1024 bits to meet minimum requirements of FIPS 140-2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2012-12-24 |
plugin id | 63328 |
published | 2012-12-24 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63328 |
title | Fedora 16 : mysql-5.5.28-2.fc16 (2012-19823) |

NASL family | Databases |
NASL id | MARIADB_5_1_67.NASL |
description | The version of MariaDB 5.1 running on the remote host is prior to 5.1.67. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - Server - Server Locking - Server Optimizer - Server Privileges - Server Replication |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64932 |
published | 2013-02-28 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64932 |
title | MariaDB 5.1 < 5.1.67 Multiple Vulnerabilities |

NASL family | Databases |
NASL id | MARIADB_5_3_12.NASL |
description | The version of MariaDB 5.3 running on the remote host is prior to 5.3.12. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - Server - Server Locking - Server Optimizer - Server Privileges - Server Replication |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64934 |
published | 2013-02-28 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64934 |
title | MariaDB 5.3 < 5.3.12 Multiple Vulnerabilities |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-19868.NASL |
description | - Add patch for CVE-2012-5611 - Widen DH key length from 512 to 1024 bits to meet minimum requirements of FIPS 140-2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-01-14 |
plugin id | 63485 |
published | 2013-01-14 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63485 |
title | Fedora 18 : mysql-5.5.28-2.fc18 (2012-19868) |

NASL family | Databases |
NASL id | MYSQL_5_1_67.NASL |
description | The version of MySQL 5.1 installed on the remote host is earlier than 5.1.67 and is, therefore, affected by vulnerabilities in the following components : - Information Schema - InnoDB - Server - Server Locking - Server Optimizer - Server Privileges - Server Replication |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63617 |
published | 2013-01-18 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63617 |
title | MySQL 5.1 < 5.1.67 Multiple Vulnerabilities |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1703-1.NASL |
description | Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-67.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-29.html http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63668 |
published | 2013-01-23 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63668 |
title | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1703-1) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1658-1.NASL |
description | It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63219 |
published | 2012-12-11 |
reporter | Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63219 |
title | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerability (USN-1658-1) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-4.NASL |
description | MariaDB was updated to 5.2.13. - Release notes: http://kb.askmonty.org/v/mariadb-5213-release-notes - Changelog: http://kb.askmonty.org/v/mariadb-5213-changelog |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75036 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75036 |
title | openSUSE Security Update : mariadb (openSUSE-SU-2013:0014-1) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20121207_MYSQL_ON_SL6_X.NASL |
description | A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. |
last seen | 2020-03-18 |
modified | 2012-12-09 |
plugin id | 63192 |
published | 2012-12-09 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63192 |
title | Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121207) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-19833.NASL |
description | - Add patch for CVE-2012-5611 - Widen DH key length from 512 to 1024 bits to meet minimum requirements of FIPS 140-2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2012-12-17 |
plugin id | 63276 |
published | 2012-12-17 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63276 |
title | Fedora 17 : mysql-5.5.28-2.fc17 (2012-19833) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20130122_MYSQL_ON_SL5_X.NASL |
description | A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon. (CVE-2012-2749) This update also adds a patch for a potential flaw in the MySQL password checking function, which could allow an attacker to log into any MySQL account without knowing the correct password. This problem (CVE-2012-2122) only affected MySQL packages that use a certain compiler and C library optimization. It did not affect the mysql packages in Scientific Linux 5. The patch is being added as a preventive measure to ensure this problem cannot get exposed in future revisions of the mysql packages. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. |
last seen | 2020-03-18 |
modified | 2013-01-24 |
plugin id | 63678 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63678 |
title | Scientific Linux Security Update : mysql on SL5.x i386/x86_64 (20130122) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2581.NASL |
description | Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes. Additionally, CVE-2012-5611 has been fixed in this upload. The vulnerability (discovered independently by Tomas Hoger from the Red Hat Security Response Team and |
last seen | 2020-03-17 |
modified | 2012-12-05 |
plugin id | 63151 |
published | 2012-12-05 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63151 |
title | Debian DSA-2581-1 : mysql-5.1 - several vulnerabilities |

NASL family | Databases |
NASL id | MYSQL_5_5_29.NASL |
description | The version of MySQL 5.5 installed on the remote host is earlier than 5.5.29 and is, therefore, affected by vulnerabilities in the following components : - Information Schema - InnoDB - MyISAM - Server - Server Locking - Server Optimizer - Server Parser - Server Partition - Server Privileges - Server Replication - Stored Procedure |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63618 |
published | 2013-01-18 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63618 |
title | MySQL 5.5 < 5.5.29 Multiple Vulnerabilities |

NASL family | Databases |
NASL id | MARIADB_5_2_14.NASL |
description | The version of MariaDB 5.2 running on the remote host is prior to 5.2.14. It is, therefore, potentially affected by vulnerabilities in the following components : - Information Schema - InnoDB - Server - Server Locking - Server Optimizer - Server Privileges - Server Replication |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64933 |
published | 2013-02-28 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64933 |
title | MariaDB 5.2 < 5.2.14 Multiple Vulnerabilities |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2012-1551.NASL |
description | Updated mysql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. |
A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611) All MySQL users should upgrade to these updated packages, which correct this issue. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 63207 published 2012-12-11 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63207 title CentOS 6 : mysql (CESA-2012:1551) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBMYSQLCLIENT-DEVEL-121227.NASL description A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code. (CVE-2012-5611) last seen 2020-06-05 modified 2013-02-10 plugin id 64531 published 2013-02-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64531 title SuSE 11.2 Security Update : MySQL (SAT Patch Number 7251) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-007.NASL description This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs (CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612, CVE-2013-0367, CVE-2013-0368, CVE-2013-0371, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0386, CVE-2013-0389). Please consult the Oracle security matrix for further information regarding these security issues and the MySQL release notes. 
last seen 2020-06-01 modified 2020-06-02 plugin id 64505 published 2013-02-09 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64505 title Mandriva Linux Security Advisory : mysql (MDVSA-2013:007)
Oval
accepted | 2015-06-01T04:00:10.778-04:00
class | vulnerability
description | Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
family | windows
id | oval:org.mitre.oval:def:16395
status | accepted
submitted | 2013-04-29T10:26:26.748+04:00
title | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
version | 20
Packetstorm
data source | https://packetstormsecurity.com/files/download/118550/mysql_bufferoverrun.pl.txt |
id | PACKETSTORM:118550 |
last seen | 2016-12-05 |
published | 2012-12-03 |
reporter | Kingcope |
source | https://packetstormsecurity.com/files/118550/Oracle-MySQL-Server-5.5.19-log-Stack-Based-Overrun.html |
title | Oracle MySQL Server 5.5.19-log Stack-Based Overrun |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:60545 |
last seen | 2017-11-19 |
modified | 2012-12-28 |
published | 2012-12-28 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-60545 |
title | MySQL Stack Buffer Overflow Linux x86 32bits (bypass SSP/RELRO/NX/ASLR) |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html
- http://rhn.redhat.com/errata/RHSA-2012-1551.html
- http://rhn.redhat.com/errata/RHSA-2013-0180.html
- http://seclists.org/fulldisclosure/2012/Dec/4
- http://secunia.com/advisories/51443
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.debian.org/security/2012/dsa-2581
- http://www.exploit-db.com/exploits/23075
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.openwall.com/lists/oss-security/2012/12/02/3
- http://www.openwall.com/lists/oss-security/2012/12/02/4
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- http://www.ubuntu.com/usn/USN-1658-1
- http://www.ubuntu.com/usn/USN-1703-1
- https://kb.askmonty.org/en/mariadb-5166-release-notes/
- https://kb.askmonty.org/en/mariadb-5213-release-notes/
- https://kb.askmonty.org/en/mariadb-5311-release-notes/
- https://kb.askmonty.org/en/mariadb-5528a-release-notes/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395