CVE-2013-2162

Published: 10 June 2013

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

Priority

Low

Status

Package Release Status
mysql-5.5
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-cluster-7.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
Upstream Needs triage