製品・ソフトウェアに関する情報

JVN脆弱性詳細

Oracle MySQL および MariaDB におけるスタックベースのバッファオーバーフローの脆弱性

Title	Oracle MySQL および MariaDB におけるスタックベースのバッファオーバーフローの脆弱性
Summary	Oracle MySQL および MariaDB には、スタックベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、GRANT FILE コマンドの過度に長い引数を介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 3, 2012, midnight
Registration Date	Dec. 4, 2012, 2:06 p.m.
Last Update	Feb. 17, 2016, 4:35 p.m.

CVSS2.0 : 警告
Score	6.5
Vector	AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected System

オラクル

MySQL 5.1.53

MySQL 5.5.19

MySQL 5.1.53

MySQL 5.5.19

MariaDB Corporation Ab.

MariaDB 5.1.66 未満の 5.1.x

MariaDB 5.2.13 未満の 5.2.x

MariaDB 5.3.11 未満の 5.3.x

MariaDB 5.5.28a 未満の 5.5.2.x

MariaDB 5.1.66 未満の 5.1.x

MariaDB 5.2.13 未満の 5.2.x

MariaDB 5.3.11 未満の 5.3.x

MariaDB 5.5.28a 未満の 5.5.2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-5611	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
2	CVE-2012-5611	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
National Vulnerability Database (NVD)
3	CVE-2012-5611	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5611
4	CVE-2012-5611	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5611

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html
2	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
AskMonty Knowledgebase
1	MariaDB 5.1.66 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5166-release-notes/
2	MariaDB 5.1.66 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5166-release-notes/
3	MariaDB 5.2.13 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5213-release-notes/
4	MariaDB 5.2.13 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5213-release-notes/
5	MariaDB 5.3.11 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5311-release-notes/
6	MariaDB 5.3.11 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5311-release-notes/
7	MariaDB 5.5.28a Release Notes	https://kb.askmonty.org/en/mariadb-5528a-release-notes/
8	MariaDB 5.5.28a Release Notes	https://kb.askmonty.org/en/mariadb-5528a-release-notes/
MySQL
9	Top Page	http://www.mysql.com/
10	Top Page	http://www.mysql.com/
Oracle Critical Patch Update
11	Oracle Critical Patch Update Advisory - January 2013	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
12	Oracle Critical Patch Update Advisory - January 2013	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
13	Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html
14	Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html
Red Hat Bugzilla
15	Bug 882599	https://bugzilla.redhat.com/show_bug.cgi?id=882599
16	Bug 882599	https://bugzilla.redhat.com/show_bug.cgi?id=882599
Red Hat Security Advisory
17	RHSA-2012:1551	http://rhn.redhat.com/errata/RHSA-2012-1551.html
18	RHSA-2012:1551	http://rhn.redhat.com/errata/RHSA-2012-1551.html
19	RHSA-2013:0180	http://rhn.redhat.com/errata/RHSA-2013-0180.html
20	RHSA-2013:0180	http://rhn.redhat.com/errata/RHSA-2013-0180.html
SECURITY BLOG
21	January 2013 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2013_critical_patch_update
22	January 2013 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2013_critical_patch_update
Ubuntu Security Notice
23	USN-1703-1	http://www.ubuntu.com/usn/USN-1703-1/
24	USN-1703-1	http://www.ubuntu.com/usn/USN-1703-1/

Change Log

No	Changed Details	Date of change
0	[2012年12月04日] 掲載 [2013年01月18日] 影響を受けるシステム:内容を更新ベンダ情報:オラクル (Oracle Critical Patch Update Advisory - January 2013) を追加ベンダ情報:オラクル (Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices) を追加ベンダ情報:オラクル (January 2013 Critical Patch Update Released) を追加 [2013年02月28日] ベンダ情報：Ubuntu (USN-1703-1) を追加 [2016年02月17日] ベンダ情報：MariaDB Corporation Ab. (MariaDB 5.1.66 Release Notes) を追加ベンダ情報：MariaDB Corporation Ab. (MariaDB 5.2.13 Release Notes) を追加ベンダ情報：MariaDB Corporation Ab. (MariaDB 5.3.11 Release Notes) を追加ベンダ情報：レッドハット (RHSA-2012:1551) を追加ベンダ情報：レッドハット (RHSA-2013:0180) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-5611

Summary	Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Publication Date	Dec. 3, 2012, 9:49 p.m.
Registration Date	Jan. 28, 2021, 3:06 p.m.
Last Update	Nov. 21, 2024, 10:44 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:mariadb:mariadb:5.1.41:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.42:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.44:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.47:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.49:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.50:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.51:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.53:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.55:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.60:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.61:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.62:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.11:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.12:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.20:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.21:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.22:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.23:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.24:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.25:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.27:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.53:::::::*
cpe:2.3:a:oracle:mysql:5.5.19:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html	Mailing List Third Party Advisory
15	http://rhn.redhat.com/errata/RHSA-2012-1551.html	Third Party Advisory
16	http://rhn.redhat.com/errata/RHSA-2012-1551.html	Third Party Advisory
17	http://rhn.redhat.com/errata/RHSA-2013-0180.html	Third Party Advisory
18	http://rhn.redhat.com/errata/RHSA-2013-0180.html	Third Party Advisory
19	http://seclists.org/fulldisclosure/2012/Dec/4	Mailing List Third Party Advisory
20	http://seclists.org/fulldisclosure/2012/Dec/4	Mailing List Third Party Advisory
21	http://secunia.com/advisories/51443	Broken Link
22	http://secunia.com/advisories/51443	Broken Link
23	http://secunia.com/advisories/53372	Broken Link
24	http://secunia.com/advisories/53372	Broken Link
25	http://security.gentoo.org/glsa/glsa-201308-06.xml	Third Party Advisory
26	http://security.gentoo.org/glsa/glsa-201308-06.xml	Third Party Advisory
27	http://www.debian.org/security/2012/dsa-2581	Third Party Advisory
28	http://www.debian.org/security/2012/dsa-2581	Third Party Advisory
29	http://www.exploit-db.com/exploits/23075	Third Party Advisory VDB Entry
30	http://www.exploit-db.com/exploits/23075	Third Party Advisory VDB Entry
31	http://www.mandriva.com/security/advisories?name=MDVSA-2013:102	Third Party Advisory
32	http://www.mandriva.com/security/advisories?name=MDVSA-2013:102	Third Party Advisory
33	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	Third Party Advisory
34	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	Third Party Advisory
35	http://www.openwall.com/lists/oss-security/2012/12/02/3	Mailing List Third Party Advisory
36	http://www.openwall.com/lists/oss-security/2012/12/02/3	Mailing List Third Party Advisory
37	http://www.openwall.com/lists/oss-security/2012/12/02/4	Mailing List Third Party Advisory
38	http://www.openwall.com/lists/oss-security/2012/12/02/4	Mailing List Third Party Advisory
39	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html	Third Party Advisory
40	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html	Third Party Advisory
41	http://www.ubuntu.com/usn/USN-1658-1	Third Party Advisory
42	http://www.ubuntu.com/usn/USN-1658-1	Third Party Advisory
43	http://www.ubuntu.com/usn/USN-1703-1	Third Party Advisory
44	http://www.ubuntu.com/usn/USN-1703-1	Third Party Advisory
45	https://kb.askmonty.org/en/mariadb-5166-release-notes/	Third Party Advisory
46	https://kb.askmonty.org/en/mariadb-5166-release-notes/	Third Party Advisory
47	https://kb.askmonty.org/en/mariadb-5213-release-notes/	Third Party Advisory
48	https://kb.askmonty.org/en/mariadb-5213-release-notes/	Third Party Advisory
49	https://kb.askmonty.org/en/mariadb-5311-release-notes/	Third Party Advisory
50	https://kb.askmonty.org/en/mariadb-5311-release-notes/	Third Party Advisory
51	https://kb.askmonty.org/en/mariadb-5528a-release-notes/	Third Party Advisory
52	https://kb.askmonty.org/en/mariadb-5528a-release-notes/	Third Party Advisory
53	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395	Third Party Advisory
54	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:mariadb:mariadb:5.1.41:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.42:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.44:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.47:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.49:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.50:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.51:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.53:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.55:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.60:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.61:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.62:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.11:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.12:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.20:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.21:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.22:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.23:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.24:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.25:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.27:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.53:::::::*
cpe:2.3:a:oracle:mysql:5.5.19:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*