CVE-2012-5611

NameCVE-2012-5611
DescriptionStack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2581-1
NVD severitymedium (attack range: remote)
Debian Bugs695001
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mysql-5.1 (PTS)squeeze (security), squeeze5.1.73-1fixed
squeeze (lts)5.1.73-1+deb6u1fixed
mysql-5.5 (PTS)wheezy5.5.40-0+wheezy1fixed
wheezy (security)5.5.41-0+wheezy1fixed
jessie, sid5.5.42-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mysql-5.1source(unstable)(unfixed)medium695001
mysql-5.1sourcesqueeze5.1.66-0+squeeze1mediumDSA-2581-1
mysql-5.5source(unstable)5.5.29+dfsg-1medium695001

Notes

http://seclists.org/fulldisclosure/2012/Dec/4

Search for package or bug name: Reporting problems