CVE-2013-2162
Published: 10 June 2013
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Notes
Author | Note |
---|---|
jdstrand | mysql-cluster-7.0 not supported per Ubuntu Server team |
Priority
Status
Package | Release | Status |
---|---|---|
mysql-5.5 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(5.5.32-0ubuntu0.12.04.1)
|
|
quantal |
Released
(5.5.32-0ubuntu0.12.10.1)
|
|
raring |
Released
(5.5.32-0ubuntu0.13.04.1)
|
|
upstream |
Needs triage
|
|
mysql-cluster-7.0 Launchpad, Ubuntu, Debian |
lucid |
Ignored
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Needs triage
|
|
mysql-dfsg-5.1 Launchpad, Ubuntu, Debian |
lucid |
Released
(5.1.70-0ubuntu0.10.04.1)
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Needs triage
|