Vulnerability Name:

CVE-2003-0150 (CCN-11510)

Assigned:2003-03-08
Published:2003-03-08
Updated:2019-10-07
Summary:MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Sat Mar 08 2003 - 05:58:37 CST
MySQL user can be changed to root

Source: CCN
Type: BugTraq Mailing List, Mon Mar 10 2003 - 13:08:38 CST
Re: MySQL user can be changed to root

Source: MITRE
Type: CNA
CVE-2003-0150

Source: CONECTIVA
Type: UNKNOWN
CLA-2003:743

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:743
MySQL

Source: BUGTRAQ
Type: UNKNOWN
20030308 MySQL_user_can_be_changed_to_root?

Source: BUGTRAQ
Type: UNKNOWN
20030310 Re: MySQL user can be changed to root

Source: BUGTRAQ
Type: UNKNOWN
20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)

Source: BUGTRAQ
Type: UNKNOWN
20030318 GLSA: mysql (200303-14)

Source: CCN
Type: RHSA-2003-093
Updated MySQL packages fix vulnerabilities

Source: CCN
Type: RHSA-2003-094
mysql security update

Source: REDHAT
Type: UNKNOWN
RHSA-2003:094

Source: CCN
Type: RHSA-2003-166
Updated MySQL packages fix vulnerabilities

Source: CCN
Type: CIAC Information Bulletin N-089
Red Hat MySQL Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-303

Source: DEBIAN
Type: DSA-303
mysql -- privilege escalation

Source: CCN
Type: US-CERT VU#203897
MySQL allows default user to be changed to root via custom my.cnf file

Source: CERT-VN
Type: US Government Resource
VU#203897

Source: ENGARDE
Type: UNKNOWN
ESA-20030324-012

Source: CCN
Type: Gentoo Linux Security Announcement 200303-14
mysql remote root exploit

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20030324-012
root exploit.

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:057

Source: CCN
Type: MySQL Web site
MySQL 3.23 Downloads

Source: CCN
Type: OpenPKG-SA-2003.022
MySQL

Source: REDHAT
Type: UNKNOWN
RHSA-2003:093

Source: BID
Type: Exploit, Patch, Vendor Advisory
7052

Source: CCN
Type: BID-7052
MySQL mysqld Privilege Escalation Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2003-0009
Several security fixes

Source: CCN
Type: TLSA-2003-25
MySQL user can be changed to root

Source: XF
Type: UNKNOWN
mysql-datadir-root-privileges(11510)

Source: XF
Type: UNKNOWN
mysql-datadir-root-privileges(11510)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:442

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.55:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.36:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.37:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.38:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.39:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.40:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.41:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.42:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.43:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.44:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.45:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.46:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.47:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.50:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.51:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:442
    V
    		MYSQL Privilege Escalation Vulnerability via INFO OUTFILE Select
    2010-09-20
    oval:org.debian:def:303
    V
    		privilege escalation
    2003-05-15
    BACK
    oracle mysql 3.23.52
    oracle mysql 3.23.53
    oracle mysql 3.23.53a
    oracle mysql 3.23.54
    oracle mysql 3.23.54a
    oracle mysql 3.23.55
    mysql mysql 3.23.49
    mysql mysql 3.23.54
    mysql mysql 3.23.36
    mysql mysql 3.23.37
    mysql mysql 3.23.38
    mysql mysql 3.23.39
    mysql mysql 3.23.40
    mysql mysql 3.23.41
    mysql mysql 3.23.42
    mysql mysql 3.23.43
    mysql mysql 3.23.44
    mysql mysql 3.23.45
    mysql mysql 3.23.46
    mysql mysql 3.23.47
    mysql mysql 3.23.48
    mysql mysql 3.23.50
    mysql mysql 3.23.51
    mysql mysql 3.23.52
    mysql mysql 3.23.53
    mysql mysql 3.23.53a
    mysql mysql 3.23.54a
    mysql mysql 3.23.55
    debian debian linux 2.2
    redhat linux 7
    redhat linux 7.1
    turbolinux turbolinux server 6.5
    conectiva linux 7.0
    trustix secure linux 1.5
    redhat linux 7.2
    engardelinux secure linux -
    mandrakesoft mandrake linux 8.2
    conectiva linux 8.0
    redhat linux 7.3
    debian debian linux 3.0
    openpkg openpkg current
    gentoo linux *
    redhat linux 8.0
    openpkg openpkg 1.1
    mandrakesoft mandrake linux 9.0
    turbolinux turbolinux server 6.1
    openpkg openpkg 1.2
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    redhat enterprise linux 2.1
    conectiva linux 9.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 8.2