MySQL FILE privilege elevation

Added: 12/21/2012
CVE: CVE-2012-5613
BID: 56771
OSVDB: 88118

Background

MySQL is an open-source database software package available for multiple platforms.

Problem

A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation.

Resolution

Revoke the FILE permission from unprivileged database users, as recommended in the MySQL Reference Manual.

References

https://bugzilla.redhat.com/show_bug.cgi?id=882606

Limitations

Exploit works on MySQL 5.5.28 on Windows Server 2003, and requires a valid MySQL database login and password to an account with FILE privilege.

Platforms

Windows

Back to exploit index