Launchpad.net

CVE 2013-2162

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

Related bugs and status

CVE-2013-2162 (Candidate) is related to these bugs:

Bug #1203828: mysql 5.5.32, 5.1.70 security update tracking bug

		In	Importance	Status
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-5.5 (Ubuntu)	Medium	Fix Released
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-5.5 (Ubuntu Lucid)	Undecided	Invalid
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-5.5 (Ubuntu Precise)	Medium	Fix Released
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-5.5 (Ubuntu Raring)	Medium	Fix Released
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-5.5 (Ubuntu Quantal)	Medium	Fix Released
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-5.5 (Ubuntu Saucy)	Medium	Fix Released
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-dfsg-5.1 (Ubuntu)	Undecided	Invalid
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-dfsg-5.1 (Ubuntu Lucid)	Medium	Fix Released
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-dfsg-5.1 (Ubuntu Precise)	Undecided	Invalid
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-dfsg-5.1 (Ubuntu Quantal)	Undecided	Invalid
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-dfsg-5.1 (Ubuntu Raring)	Undecided	Invalid
1203828	mysql 5.5.32, 5.1.70 security update tracking bug	mysql-dfsg-5.1 (Ubuntu Saucy)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013060...
MISC: http://bugs.debian.org...
UBUNTU: USN-1909-1
BID: 60424
SECUNIA: 54300
DEBIAN: DSA-2818