Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
Publish date: 21 de julio de 2015
Gravedad: Medio
Identificadores de CVE : CVE-2012-5611
Fecha recomendada: 21 de julio de 2015
Descripción
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
nvd: per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1005266
Trend Micro Deep Security DPI Rule Name: 1005266 - Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
Software y versión afectados
- Oracle MySQL 5.5.28 and prior