Upstream information
Description
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
NVD | |
---|---|
Base Score | 9 |
Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Access Vector | Network |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 00:18:20 2013CVE page last modified: Mon Sep 9 16:12:07 2024