MySQL < 3.23.56 Writable Configuration Files

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a privilege escalation vulnerability.

Description :

The version of MySQL installed on the remote host is older than
3.23.56. As such, it reportedly creates world-writeable files. By
restarting the MySQL daemon under root ID, a local attacker could gain
root privileges.

See also :

http://marc.info/?l=bugtraq&m=104802285012750&w=2
http://marc.info/?l=bugtraq&m=104739810523433&w=2
http://marc.info/?l=bugtraq&m=104715840202315&w=2

Solution :

Upgrade to MySQL 3.23.56 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 17820 ()

Bugtraq ID: 7052

CVE ID: CVE-2003-0150