FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-5611

This CVE name corresponds to:

Entered Topic
2013-02-01 mysql/mariadb/percona server -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-5611
Phase Assigned (20121024)

Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

References

Source Reference
EXPLOIT-DB 23075
FULLDISC 20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday
MLIST [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
MLIST [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
CONFIRM https://kb.askmonty.org/en/mariadb-5166-release-notes/
CONFIRM https://kb.askmonty.org/en/mariadb-5213-release-notes/
CONFIRM https://kb.askmonty.org/en/mariadb-5311-release-notes/
CONFIRM https://kb.askmonty.org/en/mariadb-5528a-release-notes/
DEBIAN DSA-2581
GENTOO GLSA-201308-06
MANDRIVA MDVSA-2013:150
MANDRIVA MDVSA-2013:102
REDHAT RHSA-2012:1551
REDHAT RHSA-2013:0180
SUSE openSUSE-SU-2013:0013
SUSE openSUSE-SU-2013:0011
SUSE openSUSE-SU-2013:0014
SUSE openSUSE-SU-2013:0135
SUSE openSUSE-SU-2013:0156
SUSE SUSE-SU-2013:0262
SUSE openSUSE-SU-2013:1412
UBUNTU USN-1658-1
UBUNTU USN-1703-1
OVAL oval:org.mitre.oval:def:16395
SECUNIA 51443
SECUNIA 53372