FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql-server -- multiple remote vulnerabilities

Affected packages
4.0.0 <= mysql-server < 4.0.24
4.1.0 <= mysql-server < 4.1.10a

Details

VuXML ID 619ef337-949a-11d9-b813-00d05964249f
Discovery 2005-03-11
Entry 2005-03-14

SecurityFocus reports:

MySQL is reported prone to an insecure temporary file creation vulnerability.

Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.

MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database.

Reports indicate that this issue may be leveraged to load an execute a malicious library in the context of the MySQL process.

Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures.

This issue may be exploited to execute arbitrary code in the context of the database process.

References

Bugtraq ID 12781
CVE Name CVE-2005-0709
CVE Name CVE-2005-0710
CVE Name CVE-2005-0711