CVE-2013-2162

EUVD-2013-2125
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.5
lucid
dne
precise
Fixed 5.5.32-0ubuntu0.12.04.1
released
quantal
Fixed 5.5.32-0ubuntu0.12.10.1
released
raring
Fixed 5.5.32-0ubuntu0.13.04.1
released
mysql-cluster-7.0
lucid
ignored
precise
dne
quantal
dne
raring
dne
mysql-dfsg-5.1
lucid
Fixed 5.1.70-0ubuntu0.10.04.1
released
precise
dne
quantal
dne
raring
dne
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
http://seclists.org/oss-sec/2013/q2/528
http://secunia.com/advisories/54300
http://ubuntu.com/usn/usn-1909-1
http://www.debian.org/security/2013/dsa-2818
http://www.securityfocus.com/bid/60424
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
http://seclists.org/oss-sec/2013/q2/528
http://secunia.com/advisories/54300
http://ubuntu.com/usn/usn-1909-1
http://www.debian.org/security/2013/dsa-2818
http://www.securityfocus.com/bid/60424