ID CVE-2012-5613
Summary ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allow remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. Per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is for Linux-based software installations.
References
Vulnerable Configurations
  • cpe:2.3:a:mariadb:mariadb:5.5.28a:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 21-02-2014 - 04:55)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
fulldisc 20121201 MySQL (Linux) Database Privilege Elevation Zeroday Exploit
gentoo GLSA-201308-06
mlist [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
secunia 53372
suse SUSE-SU-2013:0262
saint via4
bid 56771
description MySQL FILE privilege elevation
id database_mysql_version
osvdb 88118
title mysql_file
type remote
Last major update 21-02-2014 - 04:55
Published 03-12-2012 - 12:49
Last modified 21-02-2014 - 04:55