AttackerKB AKB:99F5741D-B774-4D4C-9DE3-153086500B61
Dec 03, 2012 - 12:00 a.m.

CVE-2012-5611 MySQL Buffer Overflow

attackerkb.com

CVSS2: 6.5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Recent assessments:

wchen-r7 at September 12, 2019 6:07pm UTC reported:

Details

Install

MySQL-client-community-5.1.66-1.rhel4.i386.rpm
MySQL-shared-community-5.1.66-1.rhel4.i386.rpm
MySQL-server-community-5.1.66-1.rhel4.i386.rpm

Packages available here: <http://downloads.skysql.com/archive/index/p/mysql/v/5.1.66>

On a fresh CentOS install (minimal), mysql-libs is installed; it and its dependencies should be deleted with rpm -e (all at the same time).

Once installed, add a user:

mysql> CREATE USER 'juan'@'%' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)

And grant privileges:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'juan'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Ready to test…

Start through mysqld_safe:

[root@localhost mysql]# /usr/bin/mysqld_safe --user=mysql
130712 07:23:38 mysqld_safe Logging to '/var/lib/mysql/localhost.localdomain.err'.
130712 07:23:38 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

Assessed Attacker Value: 0