The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 101864 Multiple Security Vulnerabilities in The "MySQL" Package

Guest Author
Product: Solaris 10 Operating System

Multiple security vulnerabilities in the "MySQL" package, an open source database package bundled with Solaris 10 (see mysqld(1)), may result in one or more of the following issues:

1. An unprivileged "MySQL" user may be able to access and potentially modify sensitive information in database tables.

This issue is referenced in the following document:

2. An unprivileged "MySQL" user may be able to disable a "MySQL" server, causing a Denial of Service (DoS).

This issue is referenced in the following document:

3. A local unprivileged UNIX user may be able to overwrite or create arbitrary files on the system with the privileges of a user who invokes the mysqlaccess(1) script.

This issue is referenced in the following document:

4. A "MySQL" user with "INSERT" and "DELETE" privileges may be able to execute arbitrary commands with the privileges of the "MySQL" server due to a security vulnerability in the "CREATE FUNCTION" command.

This issue is referenced in the following document:

5. A "MySQL" user with "INSERT" and "DELETE" privileges may be able to execute arbitrary commands with the privileges of the "MySQL" server due to a security vulnerability in the "udf_init" function.

This issue is referenced in the following document:

6. A "MySQL" user with the "CREATE TEMPORARY TABLES" privilege may be able to overwrite or create files on the system with the privileges of the "MySQL" server.

This issue is referenced in the following document:

Note: The "MySQL" server, mysqld(1), runs as an unprivileged user by default.
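
The audit queries below are an added example, not part of the original Sun Alert. They list the accounts that hold the privileges named as preconditions in issues 4 through 6, and the user-defined functions currently registered with the server. They assume an administrative account that can read the standard grant tables in the "mysql" database.

```sql
-- Added example: privilege audit for the preconditions named in issues 4-6.
-- Assumes the standard MySQL grant tables (mysql.user, mysql.db, mysql.func).

-- Accounts with the privileges granted globally (on every database).
SELECT Host, User,
       Insert_priv, Delete_priv, Create_tmp_table_priv
FROM mysql.user
WHERE (Insert_priv = 'Y' AND Delete_priv = 'Y')   -- issues 4 and 5
   OR Create_tmp_table_priv = 'Y'                 -- issue 6
ORDER BY User, Host;

-- Accounts with the same privileges granted on individual databases.
SELECT Host, User, Db,
       Insert_priv, Delete_priv, Create_tmp_table_priv
FROM mysql.db
WHERE (Insert_priv = 'Y' AND Delete_priv = 'Y')
   OR Create_tmp_table_priv = 'Y'
ORDER BY Db, User, Host;

-- Accounts with an empty user name match any login name from that host,
-- so any privilege they hold is available to every local "MySQL" user.
SELECT Host, User
FROM mysql.user
WHERE User = '';

-- User-defined functions currently registered, with the shared library
-- each one loads; every row should be one the administrator expects.
SELECT name, dl, type
FROM mysql.func
ORDER BY name;
```

Rows returned for accounts that do not need these privileges are candidates for REVOKE until the patch is applied.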

Avoidance: Patch
State: Resolved
First released: 11-Aug-2005
