MySQL GRANT Query Buffer Overflow

December 6, 2012

MySQL is the world's most widely used open-source relational database management system (RDBMS) as of 2008. It runs as a server providing multi-user access to a number of databases. MySQL is a popular choice of database for use in web applications, and is a central component of the widely used LAMP open-source web application software stack (and other 'AMP' stacks). LAMP is an acronym for "Linux, Apache, MySQL, Perl/PHP/Python." Free-software and open-source projects that require a full-featured database management system often use MySQL.

MySQL supports the Structured Query Language (SQL) for querying and updating stored data. Usually the MySQL protocol is used to communicate with the MySQL database. GRANT is one of the commonly used query commands in SQL. An example of the GRANT statement follows:

 GRANT ALL PRIVILEGES ON db_base.* TO 'db_user'@'%' IDENTIFIED BY 'db_passwd';

A stack buffer overflow vulnerability exists in the MySQL database server. The vulnerability is due to a lack of input validation in the code that handles a GRANT request. A remote authenticated attacker can exploit this vulnerability by sending a crafted GRANT request to a target server. Successful exploitation could result in execution of arbitrary code within the security context of the MySQL service.
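The defect class described above, as an added illustration that is not MySQL's source code and is not taken from this advisory: fields of a GRANT request (host, user, database name) are assembled into a fixed-size stack buffer. The unchecked builder never consults the buffer size, so an oversized database name runs past the end of the buffer; the checked builder validates each field against its limit before copying and rejects the request. The field limits, function names and buffer layout are assumptions chosen for the example (64 is MySQL's documented maximum identifier length, the other constants are illustrative).

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not MySQL's source. Models the defect class named in
 * the advisory: request-controlled GRANT fields (host, user, database name)
 * copied into a fixed-size stack buffer without length validation. The
 * limits below are assumptions for the example; 64 is MySQL's documented
 * maximum identifier length. */
#define HOST_MAX 60
#define USER_MAX 16
#define DB_MAX   64
/* host + '\0' + user + '\0' + db + '\0' */
#define KEY_SIZE (HOST_MAX + 1 + USER_MAX + 1 + DB_MAX + 1)

/* Vulnerable pattern: the buffer size is never consulted, so a database
 * name longer than DB_MAX writes past the end of `key` (stack overflow). */
void build_key_unchecked(char key[KEY_SIZE], const char *host,
                         const char *user, const char *db)
{
    char *p = key;
    strcpy(p, host); p += strlen(host) + 1;
    strcpy(p, user); p += strlen(user) + 1;
    strcpy(p, db);                      /* no bound check: the bug */
}

/* Hardened form: validate every field against its limit before any copy,
 * and refuse the request rather than truncating silently. Returns the key
 * length on success, -1 when a field exceeds its limit. */
int build_key_checked(char key[KEY_SIZE], const char *host,
                      const char *user, const char *db)
{
    size_t hl = strlen(host), ul = strlen(user), dl = strlen(db);
    if (hl > HOST_MAX || ul > USER_MAX || dl > DB_MAX)
        return -1;                      /* reject oversized input */
    /* The total is now provably < KEY_SIZE, so the copies cannot overflow. */
    memcpy(key, host, hl + 1);
    memcpy(key + hl + 1, user, ul + 1);
    memcpy(key + hl + 1 + ul + 1, db, dl + 1);
    return (int)(hl + 1 + ul + 1 + dl);
}

/* Convenience wrapper (hypothetical name): runs the hardened builder on a
 * local buffer and reports the resulting key length, or -1 if rejected. */
int check_grant_fields(const char *host, const char *user, const char *db)
{
    char key[KEY_SIZE];
    return build_key_checked(key, host, user, db);
}

int main(void)
{
    /* Constructed inputs: one ordinary request, one with an oversized db name. */
    char longdb[200];
    memset(longdb, 'A', sizeof longdb - 1);
    longdb[sizeof longdb - 1] = '\0';

    int n = check_grant_fields("%", "db_user", "db_base");
    printf("ordinary request: key length %d\n", n);
    n = check_grant_fields("%", "db_user", longdb);
    printf("oversized db name: %s\n", n < 0 ? "rejected" : "accepted");
    /* build_key_unchecked(key, "%", "db_user", longdb) would overflow key. */
    return 0;
}
```

The important design point is in build_key_checked: the length of every request-controlled field is compared against its limit before a single byte is written, so the bound on the destination buffer is enforced by construction rather than relied on implicitly.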

The Dell SonicWALL UTM team has researched this vulnerability and released the following signatures addressing the issue:

  • 9308 MySQL GRANT SELECT Buffer Overflow
  • 9309 MySQL GRANT FILE Buffer Overflow

This vulnerability has been assigned the identifier CVE-2012-5611.