MySQL GRANT Query Buffer Overflow (Dec 6, 2012)


MySQL is, as of 2008, the world’s most used open source relational database management system (RDBMS). It runs as a server providing multi-user access to a number of databases. MySQL is a popular choice of database for web applications and is a central component of the widely used LAMP open source web application software stack (and other ‘AMP’ stacks). LAMP is an acronym for “Linux, Apache, MySQL, Perl/PHP/Python.” Free and open source software projects that require a full-featured database management system often use MySQL.

MySQL supports the Structured Query Language (SQL) for querying and updating stored data. Clients usually communicate with the MySQL database over the MySQL protocol. GRANT is one of the commonly used query commands in SQL. An example of a GRANT query follows:

 GRANT ALL PRIVILEGES ON db_base.* TO db_user@'%' IDENTIFIED BY 'db_passwd';

A stack buffer overflow vulnerability exists in the MySQL database server. The vulnerability is due to a lack of input validation in the code that handles GRANT requests. A remote authenticated attacker can exploit this vulnerability by sending a crafted GRANT request to a target server. Successful exploitation could result in execution of arbitrary code within the security context of the MySQL service.

The Dell SonicWALL UTM team has researched this vulnerability and released the following signatures addressing the issue:

  • 9308 MySQL GRANT SELECT Buffer Overflow
  • 9309 MySQL GRANT FILE Buffer Overflow

This vulnerability is tracked as CVE-2012-5611.
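A defender-side input-validation check for GRANT requests, added here as an example; it is not SonicWALL's signature logic or code from the original advisory. It assumes a crafted request carries an argument longer than MySQL's documented 5.x identifier limits (64 characters for a database name, 16 for a user name, 60 for a host name), and the function names, regular expression and log lines are constructed for illustration.

```python
import re

# MySQL 5.x documented maximum lengths (assumed here as the validation
# baseline; later releases raise the user and host limits).
LIMITS = {"database": 64, "user": 16, "host": 60}

# GRANT <privs> ON <db>[.<obj>] TO <user>[@<host>] ...; quoting is optional.
GRANT_RE = re.compile(
    r"""\bGRANT\b.+?\bON\s+
        [`'"]?(?P<database>[^`'".\s]+)[`'"]?(?:\s*\.\s*\S+)?
        \s+TO\s+[`'"]?(?P<user>[^`'"@\s]+)[`'"]?
        (?:\s*@\s*[`'"]?(?P<host>[^`'"\s;]+)[`'"]?)?""",
    re.IGNORECASE | re.VERBOSE | re.DOTALL,
)


def check_grant(statement):
    """Return (field, length, limit) for every GRANT argument over its limit."""
    m = GRANT_RE.search(statement)
    if not m:
        return []
    return [(field, len(value), LIMITS[field])
            for field, value in m.groupdict().items()
            if value and len(value) > LIMITS[field]]


def scan(lines):
    """Yield (line_number, findings) for log lines with an oversized argument."""
    for number, line in enumerate(lines, 1):
        findings = check_grant(line)
        if findings:
            yield number, findings


# Constructed general-query-log lines, not taken from a real server.
SAMPLE_LOG = [
    "121206 10:01:02 14 Query GRANT ALL PRIVILEGES ON db_base.* "
    "TO db_user@'%' IDENTIFIED BY 'x'",
    "121206 10:01:09 15 Query GRANT SELECT ON " + "A" * 300 + ".* TO 'u'@'%'",
    "121206 10:01:15 15 Query GRANT SELECT ON shop.orders TO '"
    + "b" * 40 + "'@'localhost'",
    "121206 10:02:00 16 Query SELECT 1",
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: oversized GRANT argument(s): {findings}")
```

An argument over the documented limit is invalid input on any server version, so a hit is worth alerting on even where the server is already patched.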
