what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2012-5611

Status Candidate

Overview

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Related Files

Mandriva Linux Security Advisory 2013-102
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-102 - Updated mariadb packages includes fixes for the following security Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. Various other issues have also been addressed.

tags | advisory, remote, protocol
systems | linux, mandriva
advisories | CVE-2012-3147, CVE-2012-3158, CVE-2012-4414, CVE-2012-5611, CVE-2012-5612, CVE-2012-5615, CVE-2012-5627
SHA-256 | 70e2790c57a07f5e4f2857ae15cc16b9161c3156270f84700985bcd1aebabe12
Mandriva Linux Security Advisory 2013-008
Posted Feb 6, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-008 - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service via vectors related to incorrect calculation and a sort order index. Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2122, CVE-2012-2749, CVE-2012-5611
SHA-256 | b49df6bc4397ad8618cab19cb79f3703b128fb5b64bd72878f5ca80369c7124b
Mandriva Linux Security Advisory 2013-007
Posted Feb 5, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-007 - This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612, CVE-2013-0367, CVE-2013-0368, CVE-2013-0371, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0386, CVE-2013-0389
SHA-256 | f5a1c34858824d1881921e777f921ed942d8506bf1d30a4c663954e96f6caef7
Red Hat Security Advisory 2013-0180-01
Posted Jan 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0180-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2749, CVE-2012-5611
SHA-256 | c46944fff9eaf716d515206fe427c7820974a5b1849c452e4398e331b4a16859
Ubuntu Security Notice USN-1703-1
Posted Jan 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1703-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612, CVE-2013-0367, CVE-2013-0368, CVE-2013-0371, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0386, CVE-2013-0389
SHA-256 | 5686e0dae7e1a8e1fea5441532287eff9abdf26e5adfc2549050f7f80ecbf898
Ubuntu Security Notice USN-1658-1
Posted Dec 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1658-1 - It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5611
SHA-256 | d0c372423b678f929cd1dbb1f7270c32c54eadc7f415908d7402cac86511b46c
Mandriva Linux Security Advisory 2012-178
Posted Dec 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-178 - Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly other versions, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5611
SHA-256 | 19d93ba2d1dce4cbb6f70f19c45b75b0d55296a79641c60eb686d7561a125406
Red Hat Security Advisory 2012-1551-01
Posted Dec 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1551-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. All MySQL users should upgrade to these updated packages, which correct this issue. After installing this update, the MySQL server daemon will be restarted automatically.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-5611
SHA-256 | 5a48d3ad2ea7393da906520859e8e3c76501b015913b596156bd54c05955beaf
Debian Security Advisory 2581-1
Posted Dec 4, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2581-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, CVE-2012-5611
SHA-256 | 2748ff0438a47e32d4a6b316d340dc682a7a93eb1de4bc28cc97456932e6000f
Oracle MySQL Server 5.5.19-log Stack-Based Overrun
Posted Dec 3, 2012
Authored by Kingcope

Oracle MySQL versions 5.5.19-log and below for Linux suffer from a stack-based overrun. This exploit yields a shell as the mysql uid.

tags | exploit, overflow, shell
systems | linux
advisories | CVE-2012-5611
SHA-256 | 5230a2630c6fb8619813731a9429b6e733b55892232e63ae4cde28452b203583
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close