CVE-2013-2162
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Modified
Published: 19 Aug 2013, 00:00
Last modified:06 Aug 2024, 15:27
Vulnerability Summary
Overall Risk (default)
low
18/100 CVSS Score
1.9 LOW
v2.0 (nvd)
EPSS Score
0.06% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
19 Aug 2013, 00:00
Published
Vulnerability first disclosed
06 Aug 2024, 15:27
Last Modified
Vulnerability information updated
Description
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
CVSS Metrics
- v2.0•LOW•Score: 1.9AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.06%• Percentile: 17%
Techniques & Countermeasures
- CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Affected Systems
- canonical•ubuntu_linux
10.04 | 12.04 | 12.10 | 13.04