CVE-2012-5613

Oracle MySQL for Microsoft Windows FILE Privilege Abuse

Severity Score

6.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.

** En disputa ** MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a y posiblemente otros, cuando se configura para asignar el permiso FILE para los usuarios que no deben tener privilegios administrativos, permite a usuarios remotos autenticados obtener privilegios aprovechándose del privilegio FILE para crear los archivos como el administrador de MySQL. NOTA: el vendedor se opone a esta cuestión, afirmando que esto es sólo una vulnerabilidad cuando el administrador no sigue las recomendaciones en la documentación de instalación del producto. NOTA: Se podría argumentar que esto no debería ser incluido en CVE porque es un problema de configuración.

Oracle MySQL on Linux suffers from a vulnerability that allows an attacker to add a new admin user.

*Credits: N/A

CVSS Scores

NISTv2 6.0

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-10-24 CVE Reserved
2012-12-01 First Exploit
2012-12-03 CVE Published
2024-08-06 CVE Updated
2024-09-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-16: Configuration

CAPEC

References (13)

URL	Tag	Source
http://secunia.com/advisories/53372	Broken Link
http://www.openwall.com/lists/oss-security/2012/12/02/3	Mailing List
http://www.openwall.com/lists/oss-security/2012/12/02/4	Mailing List
https://seclists.org/fulldisclosure/2012/Dec/13

URL	Date	SRC
https://www.exploit-db.com/exploits/23077	2012-12-02
https://www.exploit-db.com/exploits/35777	2015-01-13
https://www.exploit-db.com/exploits/23179	2012-12-06
https://github.com/w4fz5uck5/UDFPwn-CVE-2012-5613	2018-06-17
http://seclists.org/fulldisclosure/2012/Dec/6	2024-08-06
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/mysql/mysql_mof.rb	2012-12-01
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/mysql/mysql_start_up.rb	2012-12-01

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html	2024-05-17
http://security.gentoo.org/glsa/glsa-201308-06.xml	2024-05-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mariadb Search vendor "Mariadb"	Mariadb Search vendor "Mariadb" for product "Mariadb"	5.5.28a Search vendor "Mariadb" for product "Mariadb" and version "5.5.28a"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	-	-	Safe
Oracle Search vendor "Oracle"	Mysql Search vendor "Oracle" for product "Mysql"	5.5.19 Search vendor "Oracle" for product "Mysql" and version "5.5.19"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	-	-	Safe