Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-5613
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-03 Dec, 2012 | 12:49
Updated At-29 Apr, 2026 | 01:13

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.0
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches
MariaDB Foundation
mariadb
>>mariadb>>5.5.28a
cpe:2.3:a:mariadb:mariadb:5.5.28a:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>5.5.19
cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-16Primarynvd@nist.gov
CWE ID: CWE-16
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is for linux-based software installations.
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2012/Dec/6secalert@redhat.com
Exploit
Mailing List
Third Party Advisory
http://secunia.com/advisories/53372secalert@redhat.com
Broken Link
http://security.gentoo.org/glsa/glsa-201308-06.xmlsecalert@redhat.com
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/02/3secalert@redhat.com
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/02/4secalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2012/Dec/6af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
Third Party Advisory
http://secunia.com/advisories/53372af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-201308-06.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/02/3af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/02/4af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2012/Dec/6
Source: secalert@redhat.com
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/53372
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-201308-06.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2012/12/02/3
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2012/12/02/4
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2012/Dec/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/53372
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-201308-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2012/12/02/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2012/12/02/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Change History
0Changes found
Details not found