6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.949 High
EPSS
Percentile
99.3%
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
lists.opensuse.org/opensuse-updates/2013-09/msg00010.html
rhn.redhat.com/errata/RHSA-2012-1551.html
rhn.redhat.com/errata/RHSA-2013-0180.html
seclists.org/fulldisclosure/2012/Dec/4
secunia.com/advisories/51443
secunia.com/advisories/53372
security.gentoo.org/glsa/glsa-201308-06.xml
www.debian.org/security/2012/dsa-2581
www.exploit-db.com/exploits/23075
www.mandriva.com/security/advisories?name=MDVSA-2013:102
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.openwall.com/lists/oss-security/2012/12/02/3
www.openwall.com/lists/oss-security/2012/12/02/4
www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
www.ubuntu.com/usn/USN-1658-1
www.ubuntu.com/usn/USN-1703-1
kb.askmonty.org/en/mariadb-5166-release-notes/
kb.askmonty.org/en/mariadb-5213-release-notes/
kb.askmonty.org/en/mariadb-5311-release-notes/
kb.askmonty.org/en/mariadb-5528a-release-notes/
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395