Your submission was sent successfully! Close

CVE-2013-2162

Published: 10 June 2013

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

Notes

AuthorNote
jdstrand
mysql-cluster-7.0 not supported per Ubuntu Server team
Priority

Low

Status

Package Release Status
mysql-5.5
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (5.5.32-0ubuntu0.12.04.1)
quantal
Released (5.5.32-0ubuntu0.12.10.1)
raring
Released (5.5.32-0ubuntu0.13.04.1)
upstream Needs triage

mysql-cluster-7.0
Launchpad, Ubuntu, Debian
lucid Ignored

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
lucid
Released (5.1.70-0ubuntu0.10.04.1)
precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage