製品・ソフトウェアに関する情報

JVN脆弱性詳細

Oracle MySQL および MariaDB におけるスタックベースのバッファオーバーフローの脆弱性

タイトル	Oracle MySQL および MariaDB におけるスタックベースのバッファオーバーフローの脆弱性
概要	Oracle MySQL および MariaDB には、スタックベースのバッファオーバーフローの脆弱性が存在します。
想定される影響	リモート認証されたユーザにより、GRANT FILE コマンドの過度に長い引数を介して、任意のコードを実行される可能性があります。
対策	ベンダ情報および参考情報を参照して適切な対策を実施してください。
公表日	2012年12月3日0:00
登録日	2012年12月4日14:06
最終更新日	2016年2月17日16:35

CVSS2.0 : 警告
スコア	6.5
ベクター	AV:N/AC:L/Au:S/C:P/I:P/A:P

影響を受けるシステム

オラクル

MySQL 5.1.53

MySQL 5.5.19

MySQL 5.1.53

MySQL 5.5.19

MariaDB Corporation Ab.

MariaDB 5.1.66 未満の 5.1.x

MariaDB 5.2.13 未満の 5.2.x

MariaDB 5.3.11 未満の 5.3.x

MariaDB 5.5.28a 未満の 5.5.2.x

MariaDB 5.1.66 未満の 5.1.x

MariaDB 5.2.13 未満の 5.2.x

MariaDB 5.3.11 未満の 5.3.x

MariaDB 5.5.28a 未満の 5.5.2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-5611	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
2	CVE-2012-5611	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
National Vulnerability Database (NVD)
3	CVE-2012-5611	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5611
4	CVE-2012-5611	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5611

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html
2	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	名前	URL
AskMonty Knowledgebase
1	MariaDB 5.1.66 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5166-release-notes/
2	MariaDB 5.1.66 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5166-release-notes/
3	MariaDB 5.2.13 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5213-release-notes/
4	MariaDB 5.2.13 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5213-release-notes/
5	MariaDB 5.3.11 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5311-release-notes/
6	MariaDB 5.3.11 Release Notes	https://mariadb.com/kb/en/mariadb/mariadb-5311-release-notes/
7	MariaDB 5.5.28a Release Notes	https://kb.askmonty.org/en/mariadb-5528a-release-notes/
8	MariaDB 5.5.28a Release Notes	https://kb.askmonty.org/en/mariadb-5528a-release-notes/
MySQL
9	Top Page	http://www.mysql.com/
10	Top Page	http://www.mysql.com/
Oracle Critical Patch Update
11	Oracle Critical Patch Update Advisory - January 2013	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
12	Oracle Critical Patch Update Advisory - January 2013	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
13	Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html
14	Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html
Red Hat Bugzilla
15	Bug 882599	https://bugzilla.redhat.com/show_bug.cgi?id=882599
16	Bug 882599	https://bugzilla.redhat.com/show_bug.cgi?id=882599
Red Hat Security Advisory
17	RHSA-2012:1551	http://rhn.redhat.com/errata/RHSA-2012-1551.html
18	RHSA-2012:1551	http://rhn.redhat.com/errata/RHSA-2012-1551.html
19	RHSA-2013:0180	http://rhn.redhat.com/errata/RHSA-2013-0180.html
20	RHSA-2013:0180	http://rhn.redhat.com/errata/RHSA-2013-0180.html
SECURITY BLOG
21	January 2013 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2013_critical_patch_update
22	January 2013 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2013_critical_patch_update
Ubuntu Security Notice
23	USN-1703-1	http://www.ubuntu.com/usn/USN-1703-1/
24	USN-1703-1	http://www.ubuntu.com/usn/USN-1703-1/

変更履歴

No	変更内容	変更日
0	[2012年12月04日] 掲載 [2013年01月18日] 影響を受けるシステム:内容を更新ベンダ情報:オラクル (Oracle Critical Patch Update Advisory - January 2013) を追加ベンダ情報:オラクル (Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices) を追加ベンダ情報:オラクル (January 2013 Critical Patch Update Released) を追加 [2013年02月28日] ベンダ情報：Ubuntu (USN-1703-1) を追加 [2016年02月17日] ベンダ情報：MariaDB Corporation Ab. (MariaDB 5.1.66 Release Notes) を追加ベンダ情報：MariaDB Corporation Ab. (MariaDB 5.2.13 Release Notes) を追加ベンダ情報：MariaDB Corporation Ab. (MariaDB 5.3.11 Release Notes) を追加ベンダ情報：レッドハット (RHSA-2012:1551) を追加ベンダ情報：レッドハット (RHSA-2013:0180) を追加	2018年2月17日10:37

NVD脆弱性情報

CVE-2012-5611

概要	Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
公表日	2012年12月3日21:49
登録日	2021年1月28日15:06
最終更新日	2024年11月21日10:44

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:mariadb:mariadb:5.1.41:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.42:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.44:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.47:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.49:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.50:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.51:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.53:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.55:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.60:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.61:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.62:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.11:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.12:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.20:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.21:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.22:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.23:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.24:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.25:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.27:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.53:::::::*
cpe:2.3:a:oracle:mysql:5.5.19:::::::*
実行環境
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html	Mailing List Third Party Advisory
15	http://rhn.redhat.com/errata/RHSA-2012-1551.html	Third Party Advisory
16	http://rhn.redhat.com/errata/RHSA-2012-1551.html	Third Party Advisory
17	http://rhn.redhat.com/errata/RHSA-2013-0180.html	Third Party Advisory
18	http://rhn.redhat.com/errata/RHSA-2013-0180.html	Third Party Advisory
19	http://seclists.org/fulldisclosure/2012/Dec/4	Mailing List Third Party Advisory
20	http://seclists.org/fulldisclosure/2012/Dec/4	Mailing List Third Party Advisory
21	http://secunia.com/advisories/51443	Broken Link
22	http://secunia.com/advisories/51443	Broken Link
23	http://secunia.com/advisories/53372	Broken Link
24	http://secunia.com/advisories/53372	Broken Link
25	http://security.gentoo.org/glsa/glsa-201308-06.xml	Third Party Advisory
26	http://security.gentoo.org/glsa/glsa-201308-06.xml	Third Party Advisory
27	http://www.debian.org/security/2012/dsa-2581	Third Party Advisory
28	http://www.debian.org/security/2012/dsa-2581	Third Party Advisory
29	http://www.exploit-db.com/exploits/23075	Third Party Advisory VDB Entry
30	http://www.exploit-db.com/exploits/23075	Third Party Advisory VDB Entry
31	http://www.mandriva.com/security/advisories?name=MDVSA-2013:102	Third Party Advisory
32	http://www.mandriva.com/security/advisories?name=MDVSA-2013:102	Third Party Advisory
33	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	Third Party Advisory
34	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	Third Party Advisory
35	http://www.openwall.com/lists/oss-security/2012/12/02/3	Mailing List Third Party Advisory
36	http://www.openwall.com/lists/oss-security/2012/12/02/3	Mailing List Third Party Advisory
37	http://www.openwall.com/lists/oss-security/2012/12/02/4	Mailing List Third Party Advisory
38	http://www.openwall.com/lists/oss-security/2012/12/02/4	Mailing List Third Party Advisory
39	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html	Third Party Advisory
40	http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html	Third Party Advisory
41	http://www.ubuntu.com/usn/USN-1658-1	Third Party Advisory
42	http://www.ubuntu.com/usn/USN-1658-1	Third Party Advisory
43	http://www.ubuntu.com/usn/USN-1703-1	Third Party Advisory
44	http://www.ubuntu.com/usn/USN-1703-1	Third Party Advisory
45	https://kb.askmonty.org/en/mariadb-5166-release-notes/	Third Party Advisory
46	https://kb.askmonty.org/en/mariadb-5166-release-notes/	Third Party Advisory
47	https://kb.askmonty.org/en/mariadb-5213-release-notes/	Third Party Advisory
48	https://kb.askmonty.org/en/mariadb-5213-release-notes/	Third Party Advisory
49	https://kb.askmonty.org/en/mariadb-5311-release-notes/	Third Party Advisory
50	https://kb.askmonty.org/en/mariadb-5311-release-notes/	Third Party Advisory
51	https://kb.askmonty.org/en/mariadb-5528a-release-notes/	Third Party Advisory
52	https://kb.askmonty.org/en/mariadb-5528a-release-notes/	Third Party Advisory
53	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395	Third Party Advisory
54	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395	Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

構成1		以上	以下	より上	未満
cpe:2.3:a:mariadb:mariadb:5.1.41:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.42:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.44:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.47:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.49:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.50:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.51:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.53:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.55:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.60:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.61:::::::*
cpe:2.3:a:mariadb:mariadb:5.1.62:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.11:::::::*
cpe:2.3:a:mariadb:mariadb:5.2.12:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.0:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.1:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.2:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.3:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.4:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.5:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.6:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.7:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.8:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.9:::::::*
cpe:2.3:a:mariadb:mariadb:5.3.10:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.20:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.21:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.22:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.23:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.24:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.25:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.27:::::::*
cpe:2.3:a:mariadb:mariadb:5.5.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.53:::::::*
cpe:2.3:a:oracle:mysql:5.5.19:::::::*
実行環境
1	cpe:2.3:o:linux:linux_kernel:-:::::::*