CVE-2013-2162

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
VendorProductVersion
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.5
raring
Fixed 5.5.32-0ubuntu0.13.04.1
released
quantal
Fixed 5.5.32-0ubuntu0.12.10.1
released
precise
Fixed 5.5.32-0ubuntu0.12.04.1
released
lucid
dne
mysql-cluster-7.0
raring
dne
quantal
dne
precise
dne
lucid
ignored
mysql-dfsg-5.1
raring
dne
quantal
dne
precise
dne
lucid
Fixed 5.1.70-0ubuntu0.10.04.1
released
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
http://seclists.org/oss-sec/2013/q2/528
http://secunia.com/advisories/54300
http://ubuntu.com/usn/usn-1909-1
http://www.debian.org/security/2013/dsa-2818
http://www.securityfocus.com/bid/60424
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
http://seclists.org/oss-sec/2013/q2/528
http://secunia.com/advisories/54300
http://ubuntu.com/usn/usn-1909-1
http://www.debian.org/security/2013/dsa-2818
http://www.securityfocus.com/bid/60424