Published: 19/08/2013 Updated: 14/01/2014

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 13.04
canonical ubuntu linux 12.10
canonical ubuntu linux 12.04
canonical ubuntu linux 10.04

Debian Bug report logs - #711600 mysql-server: CVE-2013-2162: Insecure creation of the credential file debiancnf Package: mysql-server; Maintainer for mysql-server is Debian MySQL Maintainers <pkg-mysql-maint@listsaliothdebianorg>; Source for mysql-server is src:mysql-57 (PTS, buildd, popcon) Reported by: vladz <vlad ...

Several security issues were fixed in MySQL ...

Several issues have been discovered in the MySQL database server The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5533, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes Please see the MySQL 55 Release Notes for further details: http:/ ...

CWE-362 http://ubuntu.com/usn/usn-1909-1 http://www.securityfocus.com/bid/60424 http://secunia.com/advisories/54300 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600 http://seclists.org/oss-sec/2013/q2/528 http://www.debian.org/security/2013/dsa-2818 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600 https://usn.ubuntu.com/1909-1/

CVE-2013-2162

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect