Vulnerabilities > CVE-2012-5613 - Configuration vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description MySQL (Linux) - Database Privilege Elevation Exploit (0day). CVE-2012-5613. Local exploit for linux platform id EDB-ID:23077 last seen 2016-02-02 modified 2012-12-02 published 2012-12-02 reporter kingcope source https://www.exploit-db.com/download/23077/ title MySQL Linux - Database Privilege Elevation Exploit 0day description Oracle MySQL for Microsoft Windows FILE Privilege Abuse. CVE-2012-5613. Remote exploit for windows platform id EDB-ID:35777 last seen 2016-02-04 modified 2015-01-13 published 2015-01-13 reporter metasploit source https://www.exploit-db.com/download/35777/ title Oracle MySQL for Microsoft Windows - FILE Privilege Abuse description Oracle MySQL for Microsoft Windows MOF Execution. CVE-2012-5613. Remote exploit for windows platform id EDB-ID:23179 last seen 2016-02-02 modified 2012-12-06 published 2012-12-06 reporter metasploit source https://www.exploit-db.com/download/23179/ title Oracle MySQL for Microsoft Windows MOF Execution
Metasploit
description This module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers (due to the use of a .mof file). This may result in arbitrary code execution under the context of SYSTEM. This module requires a valid MySQL account on the target machine. id MSF:EXPLOIT/WINDOWS/MYSQL/MYSQL_MOF last seen 2020-06-01 modified 2018-09-15 published 2012-12-06 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/mysql/mysql_mof.rb title Oracle MySQL for Microsoft Windows MOF Execution description This module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is present on Windows 7. id MSF:EXPLOIT/WINDOWS/MYSQL/MYSQL_START_UP last seen 2020-06-01 modified 2020-01-15 published 2013-07-25 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/mysql/mysql_start_up.rb title Oracle MySQL for Microsoft Windows FILE Privilege Abuse
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201308-06.NASL description The remote host is affected by the vulnerability described in GLSA-201308-06 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 69508 published 2013-08-30 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69508 title GLSA-201308-06 : MySQL: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1807-1.NASL description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66215 published 2013-04-25 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66215 title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBMYSQLCLIENT-DEVEL-121227.NASL description A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code. (CVE-2012-5611) last seen 2020-06-05 modified 2013-02-10 plugin id 64531 published 2013-02-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64531 title SuSE 11.2 Security Update : MySQL (SAT Patch Number 7251)
Packetstorm
data source https://packetstormsecurity.com/files/download/118667/mysql_mof.rb.txt id PACKETSTORM:118667 last seen 2016-12-05 published 2012-12-07 reporter Kingcope source https://packetstormsecurity.com/files/118667/Oracle-MySQL-For-Microsoft-Windows-MOF-Execution.html title Oracle MySQL For Microsoft Windows MOF Execution data source https://packetstormsecurity.com/files/download/118552/mysql_privilege_elevation.pl.txt id PACKETSTORM:118552 last seen 2016-12-05 published 2012-12-03 reporter Kingcope source https://packetstormsecurity.com/files/118552/Oracle-MySQL-Privilege-Escalation.html title Oracle MySQL Privilege Escalation
Saint
| bid | 56771 |
| description | MySQL FILE privilege elevation |
| id | database_mysql_version |
| osvdb | 88118 |
| title | mysql_file |
| type | remote |
References
- http://www.openwall.com/lists/oss-security/2012/12/02/3
- http://seclists.org/fulldisclosure/2012/Dec/6
- http://www.openwall.com/lists/oss-security/2012/12/02/4
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://secunia.com/advisories/53372