exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2012-5611

Status Candidate

Overview

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Related Files

Mandriva Linux Security Advisory 2013-102
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-102 - Updated mariadb packages includes fixes for the following security Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. Various other issues have also been addressed.

tags | advisory, remote, protocol
systems | linux, mandriva
advisories | CVE-2012-3147, CVE-2012-3158, CVE-2012-4414, CVE-2012-5611, CVE-2012-5612, CVE-2012-5615, CVE-2012-5627
MD5 | 00c17aeb40a1c194ecfac0866693cc8f
Mandriva Linux Security Advisory 2013-008
Posted Feb 6, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-008 - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service via vectors related to incorrect calculation and a sort order index. Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2122, CVE-2012-2749, CVE-2012-5611
MD5 | d6119ed0928e8ec99c38988333bb8760
Mandriva Linux Security Advisory 2013-007
Posted Feb 5, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-007 - This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612, CVE-2013-0367, CVE-2013-0368, CVE-2013-0371, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0386, CVE-2013-0389
MD5 | 991c29b710a8a2c1e2ef8e9f97032a71
Red Hat Security Advisory 2013-0180-01
Posted Jan 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0180-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2749, CVE-2012-5611
MD5 | b4cca70a778b442e1a6784246e8ffa0f
Ubuntu Security Notice USN-1703-1
Posted Jan 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1703-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612, CVE-2013-0367, CVE-2013-0368, CVE-2013-0371, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0386, CVE-2013-0389
MD5 | 29e8e2282a62bd339f0074723998923e
Ubuntu Security Notice USN-1658-1
Posted Dec 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1658-1 - It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5611
MD5 | fcf28991833b1bb1c22dc655b11d3cb0
Mandriva Linux Security Advisory 2012-178
Posted Dec 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-178 - Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly other versions, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5611
MD5 | 38f73ea9dac287e9a61eb60eccb609e5
Red Hat Security Advisory 2012-1551-01
Posted Dec 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1551-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. All MySQL users should upgrade to these updated packages, which correct this issue. After installing this update, the MySQL server daemon will be restarted automatically.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-5611
MD5 | ac36c70b03dbc763dd1ba3d0dc9fd109
Debian Security Advisory 2581-1
Posted Dec 4, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2581-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, CVE-2012-5611
MD5 | 0714b6a1dfad19c051f809a2bc142984
Oracle MySQL Server 5.5.19-log Stack-Based Overrun
Posted Dec 3, 2012
Authored by Kingcope

Oracle MySQL versions 5.5.19-log and below for Linux suffer from a stack-based overrun. This exploit yields a shell as the mysql uid.

tags | exploit, overflow, shell
systems | linux
advisories | CVE-2012-5611
MD5 | 89479fdd0c5de2e426d3dff292166a7b
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close