Vulnerability Details CVE-2013-2162
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.7%
CVSS Severity
CVSS v2 Score 1.9
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
- http://seclists.org/oss-sec/2013/q2/528
- http://secunia.com/advisories/54300
- http://ubuntu.com/usn/usn-1909-1
- http://www.debian.org/security/2013/dsa-2818
- http://www.securityfocus.com/bid/60424
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600
- http://seclists.org/oss-sec/2013/q2/528
- http://secunia.com/advisories/54300
- http://ubuntu.com/usn/usn-1909-1
- http://www.debian.org/security/2013/dsa-2818
- http://www.securityfocus.com/bid/60424
Products affected by CVE-2013-2162
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.10
-
cpe:2.3:o:canonical:ubuntu_linux:13.04