CVE-2003-0150

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/03/2003
Last modified:
20/11/2024

Description

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools