|
|
Subscribe / Log in / New account

mysql - configuration file vulnerability

Package(s):mysql mysqld CVE #(s):CAN-2003-0150
Created:March 18, 2003 Updated:May 16, 2003
Description: According to a report on BugTraq, a vulnerability exists in version 3.23.55 and earlier versions of the MySQL server. If the MySQL server is launched by root, as it is often done by system startup scripts, any database users with the "FILE" privilege can write a configuration file (usually my.cnf) that causes the MySQL server to run under an arbitrary user id, including the user id of the super-user, on the next restart.
Alerts:
Debian DSA-303-1 mysql 2003-05-15
Mandrake MDKSA-2003:057 MySQL 2003-05-14
Red Hat RHSA-2003:093-02 MySQL 2002-03-05
Red Hat RHSA-2003:093-01 MySQL 2003-04-29
EnGarde ESA-20030324-012 MySQL 2003-03-24
Gentoo 200303-14 mysql 2003-03-18
OpenPKG OpenPKG-SA-2003.022 mysql 2003-03-18
Trustix 2003-0009 mysql 2003-03-18
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds