VDB
CVE-2013-2162
CVE-2013-2162
PUBLISHED
CVSS 1.899999976158142 LOW
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
EPSS 0.05% · 17.4th percentile
Risk Scores
CVSS v2.0
1.899999976158142
EPSS Score
0.05%
17.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| canonical | ubuntu_linux | 10.04, 12.04, 12.10 |
Timeline
- Aug 19, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
References
- 54300 third-party-advisory
- DSA-2818 vendor-advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600 url
- [oss-security] 20130608 Re: CVE request: Debian's package "mysql-server" leaks credential information mailing-list
- 60424 vdb
- USN-1909-1 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-2162 advisory