Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2003-0150
Last Modified: 07 Mar 2011 09:12:12
Published: 24 Mar 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2003-0150

Summary

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Vulnerable Systems

Application

  • MySQL 3.23.52
  • MySQL 3.23.53
  • MySQL 3.23.53a
  • MySQL 3.23.54
  • MySQL 3.23.54a
  • MySQL 3.23.55


References

CERT-VN - VU#203897

BID - 7052

BUGTRAQ - 20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)

XF - mysql-datadir-root-privileges(11510)

REDHAT - RHSA-2003:093

ENGARDE - ESA-20030324-012

DEBIAN - DSA-303

REDHAT - RHSA-2003:094

BUGTRAQ - 20030318 GLSA: mysql (200303-14)

BUGTRAQ - 20030310 Re: MySQL user can be changed to root

BUGTRAQ - 20030308 MySQL_user_can_be_changed_to_root?

CONECTIVA - CLA-2003:743

MANDRAKE - MDKSA-2003:057


Last Updated: 27 May 2016 10:37:48