PT-2012-6058 · Mariadb+4 · Mariadb+5
Huzaifa Sidhpurwala
·
Publicado
2012-11-29
·
Atualizado
2024-06-15
·
CVE-2012-5611
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle MySQL versions 5.1.53 through 5.1.66
Oracle MySQL versions 5.5.19 through 5.5.28
MariaDB versions 5.1.x through 5.1.66
MariaDB versions 5.2.x through 5.2.13
MariaDB versions 5.3.x through 5.3.11
MariaDB versions 5.5.2.x through 5.5.28a
Description
The issue is a stack-based buffer overflow in the
acl get function, allowing remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.Recommendations
For Oracle MySQL versions 5.1.53 through 5.1.66, update to a version later than 5.1.66.
For Oracle MySQL versions 5.5.19 through 5.5.28, update to a version later than 5.5.28.
For MariaDB versions 5.1.x through 5.1.66, update to a version later than 5.1.66.
For MariaDB versions 5.2.x through 5.2.13, update to a version later than 5.2.13.
For MariaDB versions 5.3.x through 5.3.11, update to a version later than 5.3.11.
For MariaDB versions 5.5.2.x through 5.5.28a, update to a version later than 5.5.28a.
Exploit
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Centos
Mariadb
Mariadb Server
Mysql Server
Red Hat
Suse