CVE-2013-2162

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

Published: Aug 19, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2162
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
http://seclists.org/oss-sec/2013/q2/528
http://secunia.com/advisories/54300
http://ubuntu.com/usn/usn-1909-1
http://www.debian.org/security/2013/dsa-2818
http://www.securityfocus.com/bid/60424

Vulnerability Database

CVE-2013-2162