CVE 2012-5611
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Related bugs and status
CVE-2012-5611 (Candidate) is related to these bugs:
Bug #617463: mysql fails to load innodb plugin due to apparmor rejection.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 617463 | mysql fails to load innodb plugin due to apparmor rejection. | mysql-5.1 (Ubuntu) | Undecided | Fix Released | ||
| 617463 | mysql fails to load innodb plugin due to apparmor rejection. | mysql-5.1 (Ubuntu Lucid) | Undecided | Invalid | ||
| 617463 | mysql fails to load innodb plugin due to apparmor rejection. | mysql-dfsg-5.1 (Ubuntu) | Undecided | Invalid | ||
| 617463 | mysql fails to load innodb plugin due to apparmor rejection. | mysql-dfsg-5.1 (Ubuntu Lucid) | Low | Fix Released | ||
Bug #1088058: Stack-based buffer overflow in MySQL
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1088058 | Stack-based buffer overflow in MySQL | mysql-5.1 (Ubuntu) | Undecided | Fix Released | ||
Bug #1088060: Stack-based buffer overflow in MySQL
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1088060 | Stack-based buffer overflow in MySQL | mysql-5.5 (Ubuntu) | Undecided | Fix Released | ||
Bug #1100264: mysql 5.5.29, 5.1.67 security update tracking bug
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.5 (Ubuntu) | Medium | Fix Released | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.5 (Ubuntu Lucid) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.5 (Ubuntu Oneiric) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.5 (Ubuntu Quantal) | Medium | Fix Released | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.5 (Ubuntu Precise) | Medium | Fix Released | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.5 (Ubuntu Raring) | Medium | Fix Released | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.1 (Ubuntu) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.1 (Ubuntu Lucid) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.1 (Ubuntu Oneiric) | Medium | Fix Released | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.1 (Ubuntu Precise) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.1 (Ubuntu Quantal) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-5.1 (Ubuntu Raring) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-dfsg-5.1 (Ubuntu) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-dfsg-5.1 (Ubuntu Lucid) | Medium | Fix Released | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-dfsg-5.1 (Ubuntu Oneiric) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-dfsg-5.1 (Ubuntu Precise) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-dfsg-5.1 (Ubuntu Quantal) | Undecided | Invalid | ||
| 1100264 | mysql 5.5.29, 5.1.67 security update tracking bug | mysql-dfsg-5.1 (Ubuntu Raring) | Undecided | Invalid | ||
Bug #1186748: Oracle fix for CVE-2012-5611 is incomplete
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1186748 | Oracle fix for CVE-2012-5611 is incomplete | Percona Server moved to https://jira.percona.com/projects/PS | High | Fix Released | ||
| 1186748 | Oracle fix for CVE-2012-5611 is incomplete | Percona Server moved to https://jira.percona.com/projects/PS 5.1 | High | Fix Released | ||
| 1186748 | Oracle fix for CVE-2012-5611 is incomplete | Percona Server moved to https://jira.percona.com/projects/PS 5.5 | High | Fix Released | ||
| 1186748 | Oracle fix for CVE-2012-5611 is incomplete | Percona Server moved to https://jira.percona.com/projects/PS 5.6 | High | Fix Released | ||
| 1186748 | Oracle fix for CVE-2012-5611 is incomplete | MySQL Server | Unknown | Unknown | ||
See the 
CVE page on Mitre.org
for more details.
