CVE Reference: CVE-2013-2162

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-2162

Description:
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

CVE Status:
Candidate

References:

UBUNTU
  http://ubuntu.com/usn/usn-1909-1

SAID
  Secunia Advisory: SA54300

MLIST
  http://seclists.org/oss-sec/2013/q2/528

MISC
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600

DEBIAN
  http://www.debian.org/security/2013/dsa-2818

BID
  60424


Return to the previous page.