CVE-2012-5611
Published: 3 December 2012
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Priority
Status
Package | Release | Status |
---|---|---|
mysql-5.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Released
(5.1.66-0ubuntu0.11.10.3)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
mysql-5.5 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Released
(5.5.28-0ubuntu0.12.04.3)
|
|
quantal |
Released
(5.5.28-0ubuntu0.12.10.2)
|
|
upstream |
Needs triage
|
|
mysql-dfsg-5.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(5.1.66-0ubuntu0.10.04.3)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
References
- http://seclists.org/fulldisclosure/2012/Dec/4
- http://www.openwall.com/lists/oss-security/2012/12/02/4
- http://www.openwall.com/lists/oss-security/2012/12/02/3
- http://www.exploit-db.com/exploits/23075
- https://ubuntu.com/security/notices/USN-1658-1
- https://www.cve.org/CVERecord?id=CVE-2012-5611
- NVD
- Launchpad
- Debian