Ubuntu
mysql-5.1 package

Stack-based buffer overflow in MySQL

Bug #1088058 reported by cybernet on 2012-12-08

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	mysql-5.1 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

According to https://rhn.redhat.com/errata/RHSA-2012-1551.html

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

A stack-based buffer overflow flaw was found in the user permission
checking code in MySQL. An authenticated database user could use this flaw
to crash the mysqld daemon or, potentially, execute arbitrary code with the
privileges of the user running the mysqld daemon. (CVE-2012-5611)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
https://access.redhat.com/security/cve/CVE-2012-5611

Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly other versions, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

RHSE rated this update as having
important security impact, so i'm marking this as a security vulnerability

CVE References

2012-5611

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-12-14:

This was fixed in http://www.ubuntu.com/usn/usn-1658-1

information type:	Private Security → Public Security
Changed in mysql-5.1 (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntumysql-5.1 package