CVE-2013-2162

2013-08-19T13:07:00
ID CVE-2013-2162
Type cve
Reporter cve@mitre.org
Modified 2014-01-14T04:24:00

Description

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.