CVE-2003-0150

Severity

90%

Complexity

80%

Confidentiality

165%

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

CVSS 2.0 Base Score 9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C).

Overview

Type

Oracle MySQL

First reported 21 years ago

2003-03-24 05:00:00

Last updated 5 years ago

2019-10-07 16:41:00

Affected Software

Oracle MySQL 3.23.52

3.23.52

Oracle MySQL 3.23.53

3.23.53

Oracle MySQL 3.23.53a

3.23.53a

Oracle MySQL 3.23.54

3.23.54

Oracle MySQL 3.23.54a

3.23.54a

Oracle MySQL 3.23.55

3.23.55

References

CLA-2003:743

20030308 MySQL_user_can_be_changed_to_root?

20030310 Re: MySQL user can be changed to root

20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)

20030318 GLSA: mysql (200303-14)

RHSA-2003:094

DSA-303

VU#203897

US Government Resource

ESA-20030324-012

MDKSA-2003:057

RHSA-2003:093

7052

Exploit, Patch, Vendor Advisory

mysql-datadir-root-privileges(11510)

oval:org.mitre.oval:def:442

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.