Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
Severity: : Medium
CVE Kennungen: : CVE-2012-5611
Advisory Date: 21 lipca 2015
DESCRIPTION
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
nvd: per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1005266
Trend Micro Deep Security DPI Rule Name: 1005266 - Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
AFFECTED SOFTWARE AND VERSION:
- Oracle MySQL 5.5.28 and prior