MySQL datadir/my.cnf Modification Privilege Escalation

This script is Copyright (C) 2003-2016 StrongHoldNet

Synopsis :

The remote database server is prone to a privilege escalation attack.

Description :

The remote version of MySQL is older than 3.23.56. Such versions are
affected by an issue that may allow the mysqld service to start with
elevated privileges. An attacker can exploit this vulnerability by
creating a 'DATADIR/my.cnf' that includes the line 'user=root' under
the '[mysqld]' option section. When the mysqld service is executed,
it will run as the root user instead of the default user.

See also :

Solution :

Upgrade to at least version 3.23.56.

Risk factor :

High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.8
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 11378 ()

Bugtraq ID: 7052

CVE ID: CVE-2003-0150

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now