ID |
CVE-2003-0150
|
Summary |
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
|
CVSS |
Base: | 9.0 (as of 07-10-2019 - 16:41) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
oval
via4
|
accepted | 2010-09-20T04:00:25.618-04:00 | class | vulnerability | contributors | name | Jay Beale | organization | Bastille Linux |
name | Jay Beale | organization | Bastille Linux |
name | Thomas R. Jones | organization | Maitreya Security |
name | Jonathan Baker | organization | The MITRE Corporation |
| description | MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | family | unix | id | oval:org.mitre.oval:def:442 | status | accepted | submitted | 2003-08-18T12:00:00.000-04:00 | title | MYSQL Privilege Escalation Vulnerability via INFO OUTFILE Select | version | 41 |
|
redhat
via4
|
|
refmap
via4
|
bid | 7052 | bugtraq | - 20030308 MySQL_user_can_be_changed_to_root?
- 20030310 Re: MySQL user can be changed to root
- 20030318 GLSA: mysql (200303-14)
- 20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)
| cert-vn | VU#203897 | conectiva | CLA-2003:743 | debian | DSA-303 | engarde | ESA-20030324-012 | mandrake | MDKSA-2003:057 | xf | mysql-datadir-root-privileges(11510) |
|
Last major update |
07-10-2019 - 16:41 |
Published |
24-03-2003 - 05:00 |
Last modified |
07-10-2019 - 16:41 |