Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2012-5611
Data do informe: 21 julho 2015
Descrição
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
nvd: per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1005266
Trend Micro Deep Security DPI Rule Name: 1005266 - Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
Software infectado e versão:
- Oracle MySQL 5.5.28 and prior