Bug 42082 (CVE-2003-0150)

Summary: VUL-0: CVE-2003-0150: mysql: possible privilege escalation to root
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Tomas Crhak <tcrhak>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2003-0150: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2003-05-23 16:49:50 UTC
http://www.mysql.com/doc/en/News-3.23.56.html 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0150 
 
The new version has several security fixes, including one for a problem 
where a user accessing mysql could overwrite a configfile, 
which in turn would make mysql run as root (allowing further exploits).
Comment 1 Marcus Meissner 2003-05-23 16:49:50 UTC
unknown.
Comment 2 Tomas Crhak 2003-05-27 00:09:21 UTC
Yes, I'm working on the overwrite bugfix. If users start mysql with
our rcmysql script, they are not vulnerable, as it is run with --user=mysql.

May I ask you to translate this into German (for the putonftp file):

MySQL 3.23.55 and earlier creates world-writeable files and allows
mysql users to gain root privileges by using the "SELECT * INTO OUTFILE"
operator to overwrite a configuration file and cause mysql to run
as root upon restart. You are not vulnerable if you use "rcmysql start"
to start mysqld.
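
Added example, not part of the bug report and not SUSE's or MySQL's own code: a shell audit for the two conditions the advisory text in comment 2 describes, an option file that is world-writable and a `[mysqld]` section that sets `user` to root. The function names and the paths passed in are assumptions of this example.

```shell
#!/bin/sh
# Audit a MySQL option file for a world-writable mode and for a
# [mysqld] "user" setting that would make the server run as root.

# Print the effective "user" value of the [mysqld] section (last one wins).
mysqld_user() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_sec && /^[ \t]*user[ \t]*=/ {
            sub(/^[ \t]*user[ \t]*=[ \t]*/, "")   # drop the key
            sub(/[ \t]*#.*$/, "")                  # drop a trailing comment
            sub(/[ \t]+$/, "")                     # drop trailing blanks
            u = $0
        }
        END { if (u != "") print u }
    ' "$1"
}

# Succeed if "other" has write permission on the file (symlinks followed).
is_world_writable() {
    [ -n "$(find -L "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print findings for one option file; return 1 if any, 0 if clean.
audit_option_file() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "SKIP $f: not a regular file"; return 0; }
    if is_world_writable "$f"; then
        echo "FAIL $f: world-writable"
        rc=1
    fi
    u=$(mysqld_user "$f")
    # Numeric uid 0 is treated like "root" here (assumption of this example).
    if [ "$u" = "root" ] || [ "$u" = "0" ]; then
        echo "FAIL $f: [mysqld] user=$u"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $f"
    return "$rc"
}
```

Source the file and call `audit_option_file` once per option file the server reads; a `user` value given on the mysqld command line, as the rcmysql script does with `--user=mysql`, is outside what this check inspects.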

Comment 3 Tomas Crhak 2003-06-03 21:14:22 UTC
done
Comment 4 Thomas Biege 2009-10-13 19:34:27 UTC
CVE-2003-0150: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)