Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability

2015年7月21日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 中

CVE識別番号: CVE-2012-5611

概要

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. nvd: per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1005266

Trend Micro Deep Security DPI Rule Name: 1005266 - Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability

影響を受けるソフトウェア

Oracle MySQL 5.5.28 and prior