CVE-2012-5611 MySQL Buffer Overflow

Disclosure Date: December 03, 2012

Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
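
To triage servers against the ranges in the description above, the following added example (not part of the original page or of any vendor tooling) classifies a server version string such as the output of SELECT VERSION(). It assumes MariaDB builds carry "MariaDB" in the version string, and it reads "5.5.19 and other versions through 5.5.28" conservatively as the whole branch up to that release; the banners in the self-check are constructed.

```python
import re

# Affected ranges transcribed from the CVE description on this page.
# Key: (product, "major.minor"); value: ((patch, suffix), inclusive).
#   inclusive=True  -> "through X" (X itself is affected)
#   inclusive=False -> "before X"  (X is the first fixed release)
# Conservative reading (assumption): every release of a named branch up to
# the bound is treated as affected, not only the versions listed by name.
AFFECTED = {
    ("mysql", "5.5"): ((28, ""), True),
    ("mysql", "5.1"): ((66, ""), True),
    ("mariadb", "5.5"): ((28, "a"), False),
    ("mariadb", "5.3"): ((11, ""), False),
    ("mariadb", "5.2"): ((13, ""), False),
    ("mariadb", "5.1"): ((66, ""), False),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(.*))?$")


def parse_banner(banner):
    """Split a version string into (product, branch, (patch, suffix))."""
    m = VERSION_RE.match(banner.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % banner)
    major, minor, patch, suffix, extra = m.groups()
    # Assumption: MariaDB identifies itself after the first hyphen.
    product = "mariadb" if "mariadb" in (extra or "").lower() else "mysql"
    return product, "%s.%s" % (major, minor), (int(patch), suffix)


def is_affected(banner):
    """True if the banner falls in a range the description lists as affected."""
    product, branch, release = parse_banner(banner)
    rule = AFFECTED.get((product, branch))
    if rule is None:
        return False  # branch not named in the description
    bound, inclusive = rule
    # Tuples compare patch number first, then suffix: (28, "") < (28, "a").
    return release <= bound if inclusive else release < bound


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    for b in ("5.1.66-community", "5.5.28-MariaDB-log", "5.5.28a-MariaDB"):
        print("%-22s %s" % (b, "AFFECTED" if is_affected(b) else "not listed"))
```

A "not listed" result only means the description on this page does not name that release; it is not a statement that the build is patched.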

Technical Analysis

Details

Install

MySQL-client-community-5.1.66-1.rhel4.i386.rpm
MySQL-shared-community-5.1.66-1.rhel4.i386.rpm
MySQL-server-community-5.1.66-1.rhel4.i386.rpm

Packages available here: http://downloads.skysql.com/archive/index/p/mysql/v/5.1.66

On a fresh (minimal) CentOS install, mysql-libs is already installed; it and its dependencies should be removed with rpm -e (all at the same time).

Once installed, add a user:

mysql> CREATE USER 'juan'@'%' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)

And grant privileges:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'juan'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Ready to test…

Start through mysqld_safe:

[root@localhost mysql]# /usr/bin/mysqld_safe --user=mysql
130712 07:23:38 mysqld_safe Logging to '/var/lib/mysql/localhost.localdomain.err'.
130712 07:23:38 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

General Information

Vendors

  • mariadb,
  • oracle

Products

  • mariadb 5.1.41,
  • mariadb 5.1.42,
  • mariadb 5.1.44,
  • mariadb 5.1.47,
  • mariadb 5.1.49,
  • mariadb 5.1.50,
  • mariadb 5.1.51,
  • mariadb 5.1.53,
  • mariadb 5.1.55,
  • mariadb 5.1.60,
  • mariadb 5.1.61,
  • mariadb 5.1.62,
  • mariadb 5.2.0,
  • mariadb 5.2.1,
  • mariadb 5.2.10,
  • mariadb 5.2.11,
  • mariadb 5.2.12,
  • mariadb 5.2.2,
  • mariadb 5.2.3,
  • mariadb 5.2.4,
  • mariadb 5.2.5,
  • mariadb 5.2.6,
  • mariadb 5.2.7,
  • mariadb 5.2.8,
  • mariadb 5.2.9,
  • mariadb 5.3.0,
  • mariadb 5.3.1,
  • mariadb 5.3.10,
  • mariadb 5.3.2,
  • mariadb 5.3.3,
  • mariadb 5.3.4,
  • mariadb 5.3.5,
  • mariadb 5.3.6,
  • mariadb 5.3.7,
  • mariadb 5.3.8,
  • mariadb 5.3.9,
  • mariadb 5.5.20,
  • mariadb 5.5.21,
  • mariadb 5.5.22,
  • mariadb 5.5.23,
  • mariadb 5.5.24,
  • mariadb 5.5.25,
  • mariadb 5.5.27,
  • mariadb 5.5.28,
  • mysql 5.1.53,
  • mysql 5.5.19