Attacker Value

Unknown

CVE-2012-5611 MySQL Buffer Overflow

Attacker Value

Unknown

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2012-5611 MySQL Buffer Overflow

Disclosure Date: December 03, 2012 •

CVE-2012-5611

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Add Assessment

wchen-r7 (173)

September 12, 2019 6:07pm UTC (5 years ago)•Edited 4 years ago

Technical Analysis

Details

Install

MySQL-client-community-5.1.66-1.rhel4.i386.rpm MySQL-shared-community-5.1.66-1.rhel4.i386.rpm
MySQL-server-community-5.1.66-1.rhel4.i386.rpm

Packages available here: http://downloads.skysql.com/archive/index/p/mysql/v/5.1.66

On a fresh CentOS install (minimal) mysql-libs are installed, it and its dependencies should be deleted with rpm -e (all at the same time).

Once installed add a user:

mysql> CREATE USER 'juan'@'%' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)

And grant privileges:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'juan'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Ready to test…

Start through mysqld_safe:

[root@localhost mysql]# /usr/bin/mysqld_safe --user=mysql
130712 07:23:38 mysqld_safe Logging to '/var/lib/mysql/localhost.localdomain.err'.
130712 07:23:38 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

mariadb,
oracle

Products

mariadb 5.1.41,
mariadb 5.1.42,
mariadb 5.1.44,
mariadb 5.1.47,
mariadb 5.1.49,
mariadb 5.1.50,
mariadb 5.1.51,
mariadb 5.1.53,
mariadb 5.1.55,
mariadb 5.1.60,
mariadb 5.1.61,
mariadb 5.1.62,
mariadb 5.2.0,
mariadb 5.2.1,
mariadb 5.2.10,
mariadb 5.2.11,
mariadb 5.2.12,
mariadb 5.2.2,
mariadb 5.2.3,
mariadb 5.2.4,
mariadb 5.2.5,
mariadb 5.2.6,
mariadb 5.2.7,
mariadb 5.2.8,
mariadb 5.2.9,
mariadb 5.3.0,
mariadb 5.3.1,
mariadb 5.3.10,
mariadb 5.3.2,
mariadb 5.3.3,
mariadb 5.3.4,
mariadb 5.3.5,
mariadb 5.3.6,
mariadb 5.3.7,
mariadb 5.3.8,
mariadb 5.3.9,
mariadb 5.5.20,
mariadb 5.5.21,
mariadb 5.5.22,
mariadb 5.5.23,
mariadb 5.5.24,
mariadb 5.5.25,
mariadb 5.5.27,
mariadb 5.5.28,
mysql 5.1.53,
mysql 5.5.19

References

Rapid7

Unknown