MySQL Server 5.5 post-installation script creates world-readable configuration file, leading to sensitive information exposure

MySQL Server 5.5 post-installation script creates world-readable configuration file, leading to sensitive information exposure

CVE-2013-2162 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

Learn more about our Cis Benchmark Audit For Debian Linux.