Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
Severity: MEDIUM
CVE Identifier: CVE-2012-5611
Advisory Date: JUL 21, 2015
DESCRIPTION
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
nvd: per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1005266
Trend Micro Deep Security DPI Rule Name: 1005266 - Oracle MySQL GRANT Command Stack Buffer Overflow Vulnerability
AFFECTED SOFTWARE AND VERSION
- Oracle MySQL 5.5.28 and prior