Vulnerability discovered by @kingcope Vulnerability disclosed by @kingcope the 2012-12-01
PoC provided by:
CVE-2012-5613 Full Disclosure Mailing-list Red Hat Bugzilla
Affected versions :
MySQL 5.0 MySQL 5.1 Other ?
Tested on Centos 5.8 x86 with:
MySQL Server version 5.0.95 Source distribution
An attacker with access to a MySQL database through a user having some specific privileges, will be allowed, through this vulnerability to create a MySQL administrator user. The created user specified in the PoC script is by default "rootedbox2" with "rootedbox2" as password.