Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Published: 2012-12-03
Updated: 2024-04-11
Summary
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | MySQL (Linux) - Database Privilege Elevation Exploit (0day). CVE-2012-5613. Local exploit for linux platform |
id | EDB-ID:23077 |
last seen | 2016-02-02 |
modified | 2012-12-02 |
published | 2012-12-02 |
reporter | kingcope |
source | https://www.exploit-db.com/download/23077/ |
title | MySQL Linux - Database Privilege Elevation Exploit 0day |
description | Oracle MySQL for Microsoft Windows FILE Privilege Abuse. CVE-2012-5613. Remote exploit for windows platform |
id | EDB-ID:35777 |
last seen | 2016-02-04 |
modified | 2015-01-13 |
published | 2015-01-13 |
reporter | metasploit |
source | https://www.exploit-db.com/download/35777/ |
title | Oracle MySQL for Microsoft Windows - FILE Privilege Abuse |
description | Oracle MySQL for Microsoft Windows MOF Execution. CVE-2012-5613. Remote exploit for windows platform |
id | EDB-ID:23179 |
last seen | 2016-02-02 |
modified | 2012-12-06 |
published | 2012-12-06 |
reporter | metasploit |
source | https://www.exploit-db.com/download/23179/ |
title | Oracle MySQL for Microsoft Windows MOF Execution |
Metasploit
description | This module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers (due to the use of a .mof file). This may result in arbitrary code execution under the context of SYSTEM. This module requires a valid MySQL account on the target machine. |
id | MSF:EXPLOIT/WINDOWS/MYSQL/MYSQL_MOF |
last seen | 2020-06-01 |
modified | 2018-09-15 |
published | 2012-12-06 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/mysql/mysql_mof.rb |
title | Oracle MySQL for Microsoft Windows MOF Execution |
description | This module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is present on Windows 7. |
id | MSF:EXPLOIT/WINDOWS/MYSQL/MYSQL_START_UP |
last seen | 2020-06-01 |
modified | 2020-01-15 |
published | 2013-07-25 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/mysql/mysql_start_up.rb |
title | Oracle MySQL for Microsoft Windows FILE Privilege Abuse |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201308-06.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201308-06 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69508 |
published | 2013-08-30 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69508 |
title | GLSA-201308-06 : MySQL: Multiple vulnerabilities |
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1807-1.NASL |
description | Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66215 |
published | 2013-04-25 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/66215 |
title | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_LIBMYSQLCLIENT-DEVEL-121227.NASL |
description | A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code. (CVE-2012-5611) |
last seen | 2020-06-05 |
modified | 2013-02-10 |
plugin id | 64531 |
published | 2013-02-10 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/64531 |
title | SuSE 11.2 Security Update : MySQL (SAT Patch Number 7251) |
Saint
bid | 56771 |
description | MySQL FILE privilege elevation |
id | database_mysql_version |
osvdb | 88118 |
title | mysql_file |
type | remote |