Vulnerability Description
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mariadb | Mariadb | 5.5.28a |
| Oracle | Mysql | 5.5.19 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.htmlMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2012/Dec/6ExploitMailing ListThird Party Advisory
- http://secunia.com/advisories/53372Broken Link
- http://security.gentoo.org/glsa/glsa-201308-06.xmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2012/12/02/3Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2012/12/02/4Mailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.htmlMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2012/Dec/6ExploitMailing ListThird Party Advisory
- http://secunia.com/advisories/53372Broken Link
- http://security.gentoo.org/glsa/glsa-201308-06.xmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2012/12/02/3Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2012/12/02/4Mailing ListThird Party Advisory
FAQ
What is CVE-2012-5613?
CVE-2012-5613 is a vulnerability with a CVSS score of 6.0 (MEDIUM). MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows r...
How severe is CVE-2012-5613?
CVE-2012-5613 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5613?
Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Mariadb, Oracle Mysql, Linux Linux Kernel.