CVE-2003-0150 | Vulnerability Database | Aqua Security

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the SELECT * INFO OUTFILE operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Affected Software

Name	Vendor	Start Version	End Version
Mysql	Oracle	3.23.52	3.23.52
Mysql	Oracle	3.23.53	3.23.53
Mysql	Oracle	3.23.53a	3.23.53a
Mysql	Oracle	3.23.54	3.23.54
Mysql	Oracle	3.23.54a	3.23.54a
Mysql	Oracle	3.23.55	3.23.55

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000743
http://marc.info/?l=bugtraq\u0026m=104715840202315\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104739810523433\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104800948128630\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104802285012750\u0026w=2
http://rhn.redhat.com/errata/RHSA-2003-094.html
http://www.debian.org/security/2003/dsa-303
http://www.kb.cert.org/vuls/id/203897
http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:057
http://www.redhat.com/support/errata/RHSA-2003-093.html
http://www.securityfocus.com/bid/7052
https://exchange.xforce.ibmcloud.com/vulnerabilities/11510
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0150
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html