CVE-2012-5613

Name: CVE-2012-5613
Description: ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 695001

Vulnerable and fixed packages

The table below lists information on source packages.

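| Source Package | Release | Version | Status |
|---|---|---|---|
| mysql-5.5 (PTS) | wheezy | 5.5.47-0+deb7u1 | vulnerable |
| mysql-5.5 | wheezy (security) | 5.5.60-0+deb7u1 | vulnerable |
| mysql-5.5 | jessie | 5.5.58-0+deb8u1 | vulnerable |
| mysql-5.5 | jessie (security) | 5.5.60-0+deb8u1 | vulnerable |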

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mysql-5.1 | source | (unstable) | (unfixed) | unimportant | | 695001 |
| mysql-5.5 | source | (unstable) | (unfixed) | unimportant | | 695001 |

Notes

Disputed as incorrect configuration
http://seclists.org/fulldisclosure/2012/Dec/6
