MySQL datadir/my.cnf Modification Privilege Escalation

This script is Copyright (C) 2003-2011 StrongHoldNet


Synopsis :

The remote database server is prone to a privilege escalation attack.

Description :

The remote version of MySQL is older than 3.23.56. Such versions are
affected by an issue that may allow the mysqld service to start with
elevated privileges. An attacker can exploit this vulnerability by
creating a 'DATADIR/my.cnf' that includes the line 'user=root' under
the '[mysqld]' option section. When the mysqld service is executed,
it will run as the root user instead of the default user.

See also :

http://archives.neohapsis.com/archives/bugtraq/2003-03/0143.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0154.html

Solution :

Upgrade to at least version 3.23.56.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 11378 ()

Bugtraq ID: 7052

CVE ID: CVE-2003-0150