Follow @discotekdotca
CVE-2003-0150
Current Description
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
Basic Data
| Published | March 24, 2003 |
|---|---|
| Last Modified | October 07, 2019 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | SINGLE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 9.0 |
| Severity | HIGH |
| Exploitability Score | 8.0 |
| Impact Score | 10.0 |
| Obtain All Privilege | true |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Oracle Mysql 3.23.52 * * * * * * * � � � � 2.3 Application Oracle Mysql 3.23.53 * * * * * * * � � � � 2.3 Application Oracle Mysql 3.23.53a * * * * * * * � � � � 2.3 Application Oracle Mysql 3.23.54 * * * * * * * � � � � 2.3 Application Oracle Mysql 3.23.54a * * * * * * * � � � � 2.3 Application Oracle Mysql 3.23.55 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Mysql | 3.23.52, 3.23.53, 3.23.53a, 3.23.54, 3.23.54a, 3.23.55 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| CLA-2003:743 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 | CONECTIVA | |
| 20030308 MySQL_user_can_be_changed_to_root? | http://marc.info/?l=bugtraq&m=104715840202315&w=2 | BUGTRAQ | |
| 20030310 Re: MySQL user can be changed to root | http://marc.info/?l=bugtraq&m=104739810523433&w=2 | BUGTRAQ | |
| 20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql) | http://marc.info/?l=bugtraq&m=104800948128630&w=2 | BUGTRAQ | |
| 20030318 GLSA: mysql (200303-14) | http://marc.info/?l=bugtraq&m=104802285012750&w=2 | BUGTRAQ | |
| RHSA-2003:094 | http://rhn.redhat.com/errata/RHSA-2003-094.html | REDHAT | |
| DSA-303 | http://www.debian.org/security/2003/dsa-303 | DEBIAN | |
| VU#203897 | http://www.kb.cert.org/vuls/id/203897 | CERT-VN | US Government Resource |
| ESA-20030324-012 | http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html | ENGARDE | |
| MDKSA-2003:057 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:057 | MANDRAKE | |
| RHSA-2003:093 | http://www.redhat.com/support/errata/RHSA-2003-093.html | REDHAT | |
| 7052 | http://www.securityfocus.com/bid/7052 | BID | Exploit Patch Vendor Advisory |
| mysql-datadir-root-privileges(11510) | https://exchange.xforce.ibmcloud.com/vulnerabilities/11510 | XF | |
| oval:org.mitre.oval:def:442 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442 | OVAL |