New Search

MYSQL Privilege Escalation Vulnerability via INFO OUTFILE Select

oval:org.mitre.oval:def:442

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart as demonstrated by modifying my.cnf.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Linux 9
Class:
vulnerability
Reference(s):
  • CVE-2003-0150
Product(s):
  • MySQL