CVE-2012-5613 - OpenCVE

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Mariadb	Mariadb
Oracle	Mysql

Configuration 1 [-]

AND

OR	cpe:2.3:a:mariadb:mariadb:5.5.28a:::::::*
	cpe:2.3:a:oracle:mysql:5.5.19:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2012/Dec/6	Exploit Mailing List Third Party Advisory
http://secunia.com/advisories/53372	Broken Link
http://security.gentoo.org/glsa/glsa-201308-06.xml	Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/02/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/02/4	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-03T00:00:00

Updated: 2023-02-12T00:00:00

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5613

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-12-03T12:49:43.643

Modified: 2024-05-17T16:58:49.627

Link: CVE-2012-5613

JSON object: View

Redhat Information

No data.

CWE

CWE-16

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2012-5613", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2023-02-12T00:00:00", "dateReserved": "2012-10-24T00:00:00", "datePublished": "2012-12-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "53372", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/53372"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"}, {"name": "GLSA-201308-06", "tags": ["vendor-advisory"], "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"}, {"name": "SUSE-SU-2013:0262", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"}, {"name": "20121201 MySQL (Linux) Database Privilege Elevation\tZeroday Exploit", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2012/Dec/6"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2012-12-01T00:00:00"}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.28a:*:*:*:*:*:*:*", "matchCriteriaId": "46E32ACD-E034-4FD6-A54A-43AFDA1AA196", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "77E105E9-FE65-4B75-9818-D3897294E941", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue."}, {"lang": "es", "value": "** En disputa ** MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a y posiblemente otros, cuando se configura para asignar el permiso FILE para los usuarios que no deben tener privilegios administrativos, permite a usuarios remotos autenticados obtener privilegios aprovech\u00e1ndose del privilegio FILE para crear los archivos como el administrador de MySQL. NOTA: el vendedor se opone a esta cuesti\u00f3n, afirmando que esto es s\u00f3lo una vulnerabilidad cuando el administrador no sigue las recomendaciones en la documentaci\u00f3n de instalaci\u00f3n del producto. NOTA: Se podr\u00eda argumentar que esto no deber\u00eda ser incluido en CVE porque es un problema de configuraci\u00f3n.\r\n"}], "evaluatorComment": "Per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is for linux-based software installations.\n\n", "id": "CVE-2012-5613", "lastModified": "2024-05-17T16:58:49.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-03T12:49:43.643", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2012/Dec/6"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/53372"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}