CVE-2012-5611

{"id": "CVE-2012-5611", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-03T12:49:43.363", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://seclists.org/fulldisclosure/2012/Dec/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51443", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/53372", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2581", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.exploit-db.com/exploits/23075", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/12/02/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/12/02/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1658-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1703-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en MySQL v5.5.19, v5.1.53, y posiblemente otras versiones, y MariaDB v5.5.2.x antes de v5.5.28a, v5.3.x antes de v5.3.11, v5.2.x antes de v5.2.13 y v5.1.x antes de v5.1.66, permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento largo en el comando GRANT FILE."}], "lastModified": "2024-05-17T16:55:44.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86D9BEC1-F4C2-4BE6-A608-D8958A032972"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77F04B12-6063-4BAB-A69B-F1F19CC3FFB8"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A77E458-3AE9-4B02-9A9F-A640DAE073B3"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF78DF61-E6C3-4E92-A8B9-843698D03D18"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56F2A57F-2CDD-48F8-AC92-1E599875E704"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F2BAD43-DDF2-4830-A844-8A6F18EF98CC"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCB1ECEF-8420-41CF-9CFD-AD551BB04C9F"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4C45914-1CB3-440F-AB7B-564B3A09D9BB"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "581E047E-339B-4CB4-ADA9-AF25BE0345B8"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C16A0D77-DA95-41D7-9BE2-7B306AF9FF6B"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4BAE0F1-010D-47D8-B65E-335EF455C951"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.62:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91DD3FC9-2530-4BAA-929A-6D4E96868B74"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "552E49DC-80FD-4422-9341-44CE0C127027"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDEAEFC9-9C50-44F9-8D8C-FAC18F706DAD"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92BD73CE-88F8-4DF0-8293-FBE1FEC8BAB2"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B438CEA-C321-4B48-8610-9E0CABA7F9B0"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56C584AF-64B0-4DCB-9E36-E60170654D03"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DD15542-FBFB-4513-BC42-5EE63247313D"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98247C01-F906-426A-B5C6-5A3905B83027"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F7C92F3-D18F-47B8-A6D7-2DD210B0BC77"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "323BDFDE-FA24-4169-8BD4-C7978C4FDBBA"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FA479ED-0B6B-464A-B476-82C5C4E05D20"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EFF6DF6-DE51-49EA-B745-4EBC20814E6A"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8B00856-5DDC-415A-98AC-62736B9C2DA9"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC6B5FF9-7A46-46D9-BEA2-2146F958E6BD"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0122E5B-7EBF-431A-B144-45F945099FE6"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59BC8D7B-866E-42E5-9EF9-E8F487AE21C6"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A1982C3-4F1B-4B62-AB75-0FE88EA1BC33"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A3AD71-6E48-40CF-BA9D-75B6D8D02B9A"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0CBE6FE-12C8-4E5E-990E-9E4859862A80"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACBBA64F-F39C-422A-9FDB-72372B6C4320"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43121525-06CD-4C4A-A4C0-5AC26CDB275F"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72855B60-229B-4AB9-9786-1EDDA8F16DAB"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64040784-F6ED-4FC2-8D43-6DAB38770BEF"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A242B531-0936-4F67-8F07-245FE929F034"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ABB8B61-273F-441A-98B3-56EF456EDF6F"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F99E43D2-D49C-4990-B683-2E26D58DB816"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C082352C-DFE1-461A-9803-C180021144A6"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F49B9C56-71B4-4B1B-ABD8-CFE56A4F0816"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCA16095-E56A-4523-B738-2C4E86CEF603"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "917846BE-1D70-4121-8065-F97F3D710244"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7140FE2C-C06C-4005-958C-B00D3CEC6333"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4C9720-8FC9-4EF3-81C9-D84D6E6EA949"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "813E44E5-8B9B-4FCA-86A2-4AA4135F9EDF"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E1B28CE-BFE1-4331-90F9-E6BA672BDAA9"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77E105E9-FE65-4B75-9818-D3897294E941"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations", "sourceIdentifier": "secalert@redhat.com"}