CVE-2003-0150

2003-03-2405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mysql

vulnerability

root privileges

cve-2003-0150

nvd

6.4 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

88.9%

JSON

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the “SELECT * INFO OUTFILE” operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

CPENameOperatorVersion
oracle:mysqloracle mysqleq3.23.52
oracle:mysqloracle mysqleq3.23.53
oracle:mysqloracle mysqleq3.23.53a
oracle:mysqloracle mysqleq3.23.54
oracle:mysqloracle mysqleq3.23.54a
oracle:mysqloracle mysqleq3.23.55

CPE	Name	Operator	Version
oracle:mysql	oracle mysql	eq	3.23.52
oracle:mysql	oracle mysql	eq	3.23.53
oracle:mysql	oracle mysql	eq	3.23.53a
oracle:mysql	oracle mysql	eq	3.23.54
oracle:mysql	oracle mysql	eq	3.23.54a
oracle:mysql	oracle mysql	eq	3.23.55