CVE-2013-2162
Description
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Mitigations
No mitigations published for this CVE yet.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| ubuntu | 10.04 | affected | |
| ubuntu | 12.04 | affected | |
| ubuntu | 12.10 | affected | |
| ubuntu | 13.04 | affected | |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
- http://seclists.org/oss-sec/2013/q2/528
- http://secunia.com/advisories/54300
- http://ubuntu.com/usn/usn-1909-1
- http://www.debian.org/security/2013/dsa-2818
- http://www.securityfocus.com/bid/60424
CWEs
CWE-362