mysql - configuration file vulnerability

Package(s): mysql mysqld
CVE #(s): CAN-2003-0150
Created: March 18, 2003
Updated: May 16, 2003
Description: According to a report on BugTraq, a vulnerability exists in version 3.23.55 and earlier versions of the MySQL server. If the MySQL server is launched by root, as is often done by system startup scripts, any database user with the "FILE" privilege can write a configuration file (usually my.cnf) that causes the MySQL server to run under an arbitrary user id, including the user id of the super-user, on the next restart.
Alerts:
Debian DSA-303-1 2003-05-15
Mandrake MDKSA-2003:057 2003-05-14
Red Hat RHSA-2003:093-02 2002-03-05
Red Hat RHSA-2003:093-01 2003-04-29
EnGarde ESA-20030324-012 2003-03-24
Gentoo 200303-14 2003-03-18
OpenPKG OpenPKG-SA-2003.022 2003-03-18
Trustix 2003-0009 2003-03-18
