MySQL Server 5.5 post-installation script creates world-readable configuration file, leading to sensitive information exposure
CVE-2013-2162 · LOW Severity
AV:L/AC:M/AU:N/C:P/I:N/A:N
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Learn more about our Cis Benchmark Audit For Debian Linux.