MySQL FILE privilege elevation

2012-12-21T00:00:00
ID SAINT:135035042B9D35EFEC128138D0D8EA00
Type saint
Reporter SAINT Corporation
Modified 2012-12-21T00:00:00

Description

Added: 12/21/2012
CVE: CVE-2012-5613
BID: 56771
OSVDB: 88118

Background

MySQL is an open-source database software package available for multiple platforms.

Problem

A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation.

Resolution

Revoke the FILE permission from unprivileged database users, as recommended in the MySQL Reference Manual.

References

<https://bugzilla.redhat.com/show_bug.cgi?id=882606>

Limitations

Exploit works on MySQL 5.5.28 on Windows Server 2003, and requires a valid MySQL database login and password to an account with FILE privilege.

Platforms

Windows