MySQL 3.23.55 and previous versions creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle mysql 3.23.53a |
||
oracle mysql 3.23.54 |
||
oracle mysql 3.23.54a |
||
oracle mysql 3.23.55 |
||
oracle mysql 3.23.52 |
||
oracle mysql 3.23.53 |