1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
Candidate: CVE-2012-5613
PublicDate: 2012-12-03
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5613
http://seclists.org/fulldisclosure/2012/Dec/6
http://www.openwall.com/lists/oss-security/2012/12/02/4
http://www.openwall.com/lists/oss-security/2012/12/02/3
Description:
** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB
5.5.28a and possibly other versions, when configured to assign the FILE
privilege to users who should not have administrative privileges, allows
remote authenticated users to gain privileges by leveraging the FILE
privilege to create files as the MySQL administrator. NOTE: the vendor
disputes this issue, stating that this is only a vulnerability when the
administrator does not follow recommendations in the product's installation
documentation. NOTE: it could be argued that this should not be included
in CVE because it is a configuration issue.
Ubuntu-Description:
Notes:
mdeslaur> as of 2013-05-01, no new version from upstream
sarnold> Not actually fixed in 1807-1 -- my mistake
mdeslaur> This is disputed, marking as ignored
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695001
Priority: medium
Discovered-by:
Assigned-to:
Patches_mysql-5.5:
upstream_mysql-5.5: needs-triage
hardy_mysql-5.5: DNE
lucid_mysql-5.5: DNE
oneiric_mysql-5.5: DNE
precise_mysql-5.5: ignored
quantal_mysql-5.5: ignored
raring_mysql-5.5: ignored
devel_mysql-5.5: ignored
Patches_mysql-dfsg-5.1:
upstream_mysql-dfsg-5.1: needs-triage
hardy_mysql-dfsg-5.1: DNE
lucid_mysql-dfsg-5.1: ignored
oneiric_mysql-dfsg-5.1: DNE
precise_mysql-dfsg-5.1: DNE
quantal_mysql-dfsg-5.1: DNE
raring_mysql-dfsg-5.1: DNE
devel_mysql-dfsg-5.1: DNE
Patches_mysql-5.1:
upstream_mysql-5.1: needs-triage
hardy_mysql-5.1: DNE
lucid_mysql-5.1: DNE
oneiric_mysql-5.1: ignored
precise_mysql-5.1: DNE
quantal_mysql-5.1: DNE
raring_mysql-5.1: DNE
devel_mysql-5.1: DNE
|