Published: 19/08/2013 Updated: 14/01/2014
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
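
The ordering problem described in the summary, shown beside a hardened form. This is an added example, not the code of mysql-server-5.5.postinst: the function names, file paths, user name and password value are constructed for illustration. Each writer prints the file mode at the moment the secret is already on disk.

```sh
#!/bin/sh
# Added illustration; function names, paths and values are constructed,
# this is not the mysql-server-5.5.postinst code.

# Permission string of a file, e.g. "-rw-r--r--".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed credential-file body (placeholder user name).
cnf_body() { printf '[client]\nuser = example-maint\npassword = %s\n' "$1"; }

# Flawed ordering from the summary: the secret is written under the default
# umask and the permissions are restricted only afterwards.
write_cnf_insecure() (
    umask 022
    cnf_body "$2" > "$1"
    mode_of "$1"            # mode while the secret is already on disk
    chmod 0600 "$1"         # too late: the file was readable until here
)

# Hardened ordering: restrict first, write second, publish atomically.
write_cnf_secure() (
    umask 077
    tmp=$(mktemp "$1.XXXXXX") || exit 1   # created 0600 in the target dir
    cnf_body "$2" > "$tmp"
    mode_of "$tmp"          # mode while the secret is already on disk
    mv -f "$tmp" "$1"       # rename keeps the 0600 mode, no open window
)

# Demo in a throwaway directory.
demo_dir=$(mktemp -d) || exit 1
echo "insecure, mode during write: $(write_cnf_insecure "$demo_dir/a.cnf" constructed-secret)"
echo "secure,   mode during write: $(write_cnf_secure "$demo_dir/b.cnf" constructed-secret)"
echo "final modes: $(mode_of "$demo_dir/a.cnf") $(mode_of "$demo_dir/b.cnf")"
rm -rf "$demo_dir"
```

Both files end at the same final mode, which is why an audit of the installed file alone does not reveal the flaw; only the mode at write time differs.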

Affected Products

Vendor | Product | Versions
Canonical | Ubuntu Linux | 10.04, 12.04, 12.10, 13.04

Vendor Advisories

Several security issues were fixed in MySQL ...
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.33, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes for further details: http:/ ...
Debian Bug report logs - #711600 mysql-server: CVE-2013-2162: Insecure creation of the credential file debian.cnf. Package: mysql-server; Maintainer for mysql-server is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>; Source for mysql-server is src:mysql-5.7 (PTS, buildd, popcon). Reported by: vladz <vlad ...