CVE Vulnerabilities

CVE-2003-0150

Published: Mar 24, 2003 | Modified: Oct 07, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the SELECT * INFO OUTFILE operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Affected Software

Name Vendor Start Version End Version
Mysql Oracle 3.23.52 3.23.52
Mysql Oracle 3.23.53 3.23.53
Mysql Oracle 3.23.53a 3.23.53a
Mysql Oracle 3.23.54 3.23.54
Mysql Oracle 3.23.54a 3.23.54a
Mysql Oracle 3.23.55 3.23.55

References