Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: Debian's package "mysql-server" leaks credential information
From: vladz <vladz () devzero fr>
Date: Sat, 8 Jun 2013 12:44:45 +0200

Hi,

The file "/etc/mysql/debian.cnf", which contains plain text credentials
for the "debian-sys-maint" mysql user, is created in an insecure manner
during the package installation phase.  This can lead a non-privileged
local user to disclose its content and use this special account to
perform administration tasks.

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600

Could you allocate CVE id for this issue?

Thank you,
vladz.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault